When a Leak Isn’t a Leak

Over the weekend Dale Myers wrote a blog post that examined our .agilekeychain format. The post featured a good discussion and analysis of our older data format, but it raised some questions among 1Password users and the wider technology community.

Dale states that he plans to continue using 1Password and has no concerns over the safety of his passwords themselves, but his main concern was how the AgileKeychain handles item URLs. While we widely documented this design decision and shared it publicly, Dale was surprised to find out that we didn’t encrypt URLs within the keychain. We want to reassure users who rely on AgileKeychain that their password data is safe and secure, and to take the time to walk through our data formats to explain the issue completely.

AgileKeychain & OPVault Data Formats

Back in 2008, we introduced the AgileKeychain as a way to help our users better synchronize data across platforms and devices. At that time, 1Password had significantly less processing power to draw on for tasks like decryption, and something as simple as a login search would have caused massive performance issues and battery drain for our users. Given the constraints we faced at the time, we decided not to encrypt item URLs and Titles (the same sorts of information that can be found in browser bookmarks).

In December 2012, we introduced a new format that encrypted much more of the metadata. OPVault, our newer and stronger data format, provided authenticated encryption as well as many other improvements for 1Password users.
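To make the trade-off described in the two paragraphs above concrete, here is an added example; it is not AgileBits code and does not reproduce the real AgileKeychain or OPVault cryptography. It stands in a toy HMAC-SHA256 encrypt-then-MAC construction, and the record layouts, field names and sample items are assumptions constructed for illustration. It builds the same two login items in a layout that keeps title and URL in cleartext beside the sealed secrets, and in a layout that seals the overview as well, then shows what each file reveals to someone who holds only the file, what a title/URL search costs in decryptions under each layout, and that a sealed record rejects any modified byte.

```python
import hashlib
import hmac
import json
import secrets

# Toy encrypt-then-MAC (an assumption for illustration, NOT the real AgileKeychain
# or OPVault crypto): HMAC-SHA256 in counter mode supplies a keystream, and a
# separate HMAC key authenticates nonce + ciphertext.


def derive_keys(master_password, salt):
    """Derive an (encryption key, MAC key) pair from the master password."""
    km = hashlib.pbkdf2_hmac("sha256", master_password, salt, 100_000, dklen=64)
    return km[:32], km[32:]


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(keys, plaintext):
    """Encrypt, then authenticate nonce + ciphertext; returns a JSON-friendly dict."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_box(keys, box):
    """Verify the tag before decrypting; a record with any modified byte is rejected."""
    enc_key, mac_key = keys
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: record was modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def rejects_tampering(keys, box):
    """True if flipping one hex digit of the ciphertext makes open_box refuse it."""
    bad = dict(box)
    bad["ct"] = ("1" if box["ct"][0] == "0" else "0") + box["ct"][1:]
    try:
        open_box(keys, bad)
        return False
    except ValueError:
        return True


def legacy_style_record(keys, item):
    """AgileKeychain-style layout (assumed): title and URL in cleartext beside the sealed secrets."""
    details = json.dumps({"username": item["username"], "password": item["password"]})
    return {"uuid": item["uuid"], "title": item["title"], "location": item["url"],
            "encrypted": seal(keys, details.encode())}


def overview_sealed_record(keys, item):
    """OPVault-style layout (assumed): the overview (title, URL) is sealed separately from the details."""
    overview = json.dumps({"title": item["title"], "url": item["url"]})
    details = json.dumps({"username": item["username"], "password": item["password"]})
    return {"uuid": item["uuid"], "overview": seal(keys, overview.encode()),
            "details": seal(keys, details.encode())}


def cleartext_fields(record):
    """What someone holding only the file (no master password) can read directly."""
    return {k: v for k, v in record.items() if isinstance(v, str) and k != "uuid"}


def search(records, query, keys=None):
    """Case-insensitive title/URL search; also reports how many decryptions it needed."""
    q, hits, decryptions = query.lower(), [], 0
    for rec in records:
        if "overview" in rec:  # sealed overview: must decrypt every record to search it
            ov = json.loads(open_box(keys, rec["overview"]))
            decryptions += 1
            title, url = ov["title"], ov["url"]
        else:  # cleartext overview: search is free, and so is reading it without the password
            title, url = rec["title"], rec["location"]
        if q in title.lower() or q in url.lower():
            hits.append(rec["uuid"])
    return hits, decryptions


# Constructed sample items (not real data).
SAMPLE_ITEMS = [
    {"uuid": "item-0001", "title": "Example Bank",
     "url": "https://bank.example.com/login?tab=personal",
     "username": "alice", "password": "correct horse"},
    {"uuid": "item-0002", "title": "Example Mail", "url": "https://mail.example.org/",
     "username": "alice@example.org", "password": "battery staple"},
]


def build_vaults(master_password=b"constructed-master-password", salt=b"constructed-salt"):
    """Build both layouts from SAMPLE_ITEMS and return them together with the keys."""
    keys = derive_keys(master_password, salt)
    legacy = [legacy_style_record(keys, it) for it in SAMPLE_ITEMS]
    sealed = [overview_sealed_record(keys, it) for it in SAMPLE_ITEMS]
    return keys, legacy, sealed


if __name__ == "__main__":
    keys, legacy, sealed = build_vaults()
    print("legacy file reveals:", cleartext_fields(legacy[0]))
    print("sealed file reveals:", cleartext_fields(sealed[0]))
    print("legacy search:", search(legacy, "bank"))
    print("sealed search:", search(sealed, "bank", keys))
```

The `cleartext_fields` check is the audit a defender would run over a vault they are asked to trust: it lists exactly the fields readable without the master password. The `decryptions` counter is the cost the post describes: with the overview sealed, every search touches every record, which is the work that was too expensive on 2008-era devices, and the tampering check shows what "authenticated encryption" buys that the older layout lacks.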

This format worked well in situations where we didn’t need to worry about backwards compatibility, including iCloud and local storage on iOS and Mac. For Windows, Android, and Dropbox syncing, however, we needed to decide if we should migrate to the new format or provide compatibility with older versions of 1Password.

We decided to take a conservative approach and not automatically migrate everyone over to OPVault because many users depend upon older versions of 1Password and they wouldn’t be able to log into their accounts. We knew we could trust the security of the AgileKeychain to protect confidential user data so we didn’t want to rush into something that would disrupt people’s workflows.

Switching to OPVault

Despite the security of AgileKeychain remaining intact, Dale reminded us that it’s time to move on. The OPVault format is really great in so many ways and we should start sharing it with as many users as possible.

We’ve already started making changes to use OPVault as the default format. In fact, the latest beta of 1Password for Windows does this already. Similar changes are coming to Mac and iOS soon, and we’re planning on using the new format in Android in the future. Once all of these things are complete, we will add an automatic migration for all 1Password users. For users who would like to switch to OPVault sooner than this, here’s how you can get started immediately:

To avoid losing access to your data, be sure to back up your 1Password data beforehand, and only follow these instructions if you are NOT using any legacy versions of 1Password. If you have any questions or concerns, or would like to migrate but aren’t sure if your version of 1Password is affected, our knowledgebase, forums and support team are here to help.

107 replies
  1. Stuart
    Stuart says:

    For 1Password for Mac 5 can’t we just use the Help > Tools > Enable OPvault for Dropbox and Folder sync option rather than using the terminal commands mentioned in the KB article? Or is that option only available in the beta releases? Seems easier than the terminal commands for most users?

    Also what happened to the previous blog post about the XARA vulnerability? I favourited it in my RSS reader and now it has disappeared.

    Reply
    • Dave Teare
      Dave Teare says:

      Hi Stuart,

      You’re absolutely right about the Enable OPVault for Dropbox and Folder sync menu item; it would be much easier for users to use than the Terminal commands. As you speculated, however, that menu item is only available in beta releases. Given that we’re changing the default, we might remove the menu item completely, but I haven’t reviewed the proposed code changes that deeply yet so I can’t say for certain.

      Regarding the previous blog post about XARA, that is a really interesting post by Rick so I can see why you favourited it :) We had prepared the post in advance and had planned to post it when the official Safari browser extension was published. Rick and I got our wires crossed and we ended up publishing it when the new Mac version was released. I pulled the post temporarily and will republish it once the new Safari release is ready.

      Take care,
      Dave.

  2. Anonymous
    Anonymous says:

    Three points:

    It might be a good idea to include the link to the original post by Dale Myers (http://myers.io/2015/10/22/1password-leaks-your-data/) to pay the due respect and help the curious readers.
    If memory serves, metadata leakage of agilekeychain has been a concern for years, and certainly has been discussed on this blog or in the forum before, no? (I didn’t bother to look for it.) Nothing new here.
    Speaking of the second concern in Dale’s post: Unless I’m mistaken, the browser extension has been doing a good job stripping out query strings and some irrelevant path segments for a long time.

    Reply
    • Dave Teare
      Dave Teare says:

      Hello Anonymous!

      You’re right, there’s nothing new here. One interesting part of the article is that it points out how some people store their keychain in publicly accessible locations, which is not recommended for any data, encrypted or not.

      As for the browser extension and query strings, we save the full URL of the Login (including the parameters/query string) as oftentimes parts of the query string are needed to load the correct Login page. This is important for the Go & Fill feature.

      Despite this being nothing new, I appreciate Dale’s passion and believe it’s time to move on. It will take time to complete the transition as there’s a lot of moving parts, especially on Android, but we’ll get there.

      Cheers!
      Dave.

    • Anonymous
      Anonymous says:

      we save the full URL of the Login (including the parameters/query string)

      I’m wrong then, sorry. In my defense, I’ve abandoned the auto-save dialog for quite a while in favor of manually converting a password to login (in order to avoid irrelevant webform entries), so the behavior I mentioned might be due to wrong memory, false impression, or outdated info.

    • PhilBoogie
      PhilBoogie says:

      Ha! That’s one way of circumventing a feature advertised by AgileBits as great, whilst it’s actually not working, hence people like you disabling auto-save. Can’t believe this still isn’t working properly.

    • Dave Teare
      Dave Teare says:

      Hi Phil,

      It would be great to understand better exactly what isn’t working well for you. Is the AutoSave window appearing too often, or are there sites that you expect it to appear on and it isn’t?

      ++dave;

    • Anonymous
      Anonymous says:

      Follow-up on full URL: I just gave a try, and turns out that the “website” field of a password entry comes with path, query, and fragment stripped, but an auto-saved login entry contains the full URL.

  3. Arun
    Arun says:

    I appreciate that you guys made your data formats public – one of the reasons I like 1Password. This helped me make the decision to move to OPVault months back when I fully migrated from LastPass. That said, it took me a bit of digging (and interest) to understand the differences; I can understand that many users may not have the time or inclination to do so and hence would be surprised to learn that metadata is not encrypted in the Agile Keychain format.

    These things have a way of being blown out of all proportion; I think you guys have a great product. I think it is in most people’s interest to move to the OP Vault format being the default.

    Reply
    • Megan O'Brien
      Megan O'Brien says:

      Hi Arun,

      Thanks so much for sharing your thoughts here. As the company that you trust to store your most sensitive data, we think it’s pretty important to be open about the decisions we’ve made when building 1Password, and it’s great to see that you agree.

      One of the projects we’ve taken on recently is a new knowledgebase. There are still a few more articles that we want to write for it, but we are doing what we can to ensure that all of the important security information is available there. I’ll mention to our documentation team that we could do a bit more in the knowledgebase to discuss the differences between .opvault and .agilekeychain.

      We really appreciate your kind words – have an awesome day!

      /Megan

  4. Aaron Toponce
    Aaron Toponce says:

    So, basically, you just confirmed what Dale put in his post: the AgileKeychain data format leaks metadata about the accounts you have. So, exactly how is this not a leak? Especially seeing as it affects so many platforms and operating systems?

    Reply
    • Bob
      Bob says:

      You, not 1Password or Agilebits, leak your data when you post your keychain on a publicly accessible site. What small percentage of their users even know about 1Password Anywhere and then what even smaller percentage post their keychain on a public site? They also offered an alternative and described the difference 3 years ago. There is no real “leak” in this story.

    • Warren Young
      Warren Young says:

      That’s pure spin. The whole point of using a heavily encrypted password vault is that you should be able to give the encrypted vault to anyone — even a major world government — and have no worry that the one you give it to can do anything useful with it.

      As for the argument that “only” the metadata is stored in plaintext, if you doubt that some people think that’s plenty of a breach already, you haven’t been paying attention to US privacy politics, which should be 1Password’s bailiwick. There are those that argue that who you call on the phone, when you call them, and how long the call lasts — i.e. cell phone metadata — does not reveal the content of the conversation, so it must not fall under the 4th amendment protections. The hue and cry against that legal snow job should have told Agile Bits what its customers are likely to think about a similar metadata leak.

      And yes, I do remember hearing all this OPVault talk years ago when you introduced it, and I was happy to see the work being done. What I did not realize until today is that those of us not using pure iOS mobile did not get the benefit of this. I was under the impression that this leak was closed for everyone years ago.

      You. Dropped. The. Ball.

    • Megan O'Brien
      Megan O'Brien says:

      Hi Aaron,

      Thanks for giving us the opportunity to continue this important conversation!

      Dale makes some good observations in his post, but this isn’t a leak. A leak involves data made available to the public by accident, an attack that has breached security, or an unintended gap in security measures. In this case, there is no breach. There is no leak.

      The Agile Keychain is an open, documented format, in which a choice was made to leave titles and URLs unencrypted to make search usable and provide a better experience. Titles and URLs are the same two sets of data that are plainly visible in a browser’s bookmarks. When we designed the Agile Keychain format eight years ago, we felt that it was a safe compromise. Now that devices have so much more processing power, we no longer need to make this compromise.

      It’s great to hear that you are thinking seriously about the security of your data. If you have any further questions, feel free to email in to support+security@agilebits.com and we’ll put you in touch with our security team.

    • Megan O'Brien
      Megan O'Brien says:

      Hi Dave,

      I’ve got good news for you! We can get you switched to the .opvault format already, and you can continue to use Dropbox almost everywhere.

      For 1Password for Android we recently introduced Wi-Fi sync that uses an internal version of the OPVault format. If you wish to avoid using the AgileKeychain data format, you can switch over to Wi-Fi sync on your Android device and switch to OPVault format on other platforms.

      I hope that helps! Please let us know if you have any other questions. :)

    • wubdidu
      wubdidu says:

      Hi Megan,

      as far as I know, the Wi-Fi sync is not automatic – this means that if I add some passwords in my vault on my Mac and forget to sync it, I’m out of luck if I need them outside.

      Previously I used SyncThing to automatically sync the database to all my devices, which is now not possible anymore on Android.

      The blog post mentions OPVault support on Android “in the future” – what does this mean? Is anyone even working on this? For me this means “Maybe 2017 or something, bye.” If the Wi-Fi sync is actually using a variation of OPVault, then it shouldn’t be that big of a problem to implement OPVault fully, right?

      I just recently switched from LastPass to 1Password, a switch that I wanted to do for a long time (never change a running system and stuff…) – but the seeming lack of Android support kinda makes me regret the quite expensive purchase of the Mac/Windows bundle…

    • Megan O'Brien
      Megan O'Brien says:

      Hi wubdidu,

      I wish I could give you more details on when .opvault support would be available for Android, but we don’t discuss unreleased features, simply because we’d hate to promise something that later became impossible due to factors beyond our control. I can tell you that our developers are aware that this is an important feature for our Android users, and we’re doing what we can to get this implemented.

      In the meantime, I do want to assure you that many of us on the AgileBits team still trust the .agilekeychain format to sync our data. We would not have this data format available for users if we thought that it was insecure.

      If you have any further questions or concerns, please drop us a line at support+social@agilebits.com, we’d love to continue the conversation!

    • Megan O'Brien
      Megan O'Brien says:

      Hi Geoff,

      .opvault support is on the roadmap for 1Password for Android, but I can’t say just when we’ll have it implemented. I’ll be sure to let our developers know that you are eager to switch just as soon as possible.

  5. Willem
    Willem says:

    As I am always interested in security subjects, this one is a little hybrid. Although the design of the .agilekeychain format is documented and there are well documented processes to convert to the OPVault format manually, Dale Myers has made a lot of noise about this finding.

    Dale Myers shows us some assumed risks about unencrypted parts of the .agilekeychain. The fact is you can choose the new OPVault design, which is designed with a higher security level. The issue of the plain text format of the password hint can be bypassed by entering a dot in this field if you don’t want to use it.

    Dale also mentioned that he will continue using 1Password and isn’t worried at all that his passwords are no longer safe.

    Maybe Dale Myers will encourage the development team of 1Password to hurry for releasing a conversion tool and an upgrade for the 1PasswordAnywhere tool.

    Unfortunately this article created a lot of noise and that is not what 1Password deserves. It is a well designed multiplatform concept that helps you keep your secrets stored in a secure way.

    Of course it is a better choice to increase security behavior by using the most advanced data format.

    Reply
    • Megan O'Brien
      Megan O'Brien says:

      Hi Willem,

      Thanks so much for sharing your thoughts here. You’re right, Dale does mention at the end of the article that he still trusts 1Password with his data, and that’s a pretty important point.

      We really appreciate your kind thoughts here – keep being awesome!

      /Megan

  6. Chris M.
    Chris M. says:

    So did I understand correctly that the new format will NOT support 1PasswordAnywhere? I’ll admit that I have NEVER had occasion to really use this feature, but I’ve definitely come up with a use case where having it would be essential. If I’m on travel and my stuff gets stolen, including my phone, and I need to get access to my Password vault, so long as I’ve memorized my cloud account password, and it allows a method to bypass 2-Factor authentication (which does sound scary in itself, but is needed in this use case), then I can still have access to my important info. If OPVault removes that capability, I’ll have to think of some other emergency options (“backup” vault on a USB stick or something?) Thoughts?

    Reply
    • Megan O'Brien
      Megan O'Brien says:

      Hi Chris,

      At this time, 1PasswordAnywhere is exclusive to the .agilekeychain and Dropbox sync. It was designed in the days of 1Password 3, before fancy features like .opvault (and iCloud sync) were available. We know that a lot of users really appreciate the ability to access their data on computers without 1Password installed, and we are looking into options for something like this moving forward.

      I’ll be sure to let our team know that you’re interested in seeing a feature like this in .opvault!

      If you have any other questions about 1Password, we’re happy to help. :)

      /Megan
      support.1password.com

    • WillemBeekhuis
      WillemBeekhuis says:

      Hi Chris,

      If it ever happens that your devices get stolen, the best option is to first buy new devices. A USB stick can help, but you can also lose it or it may be stolen. Besides, you should realize that a USB stick is also not very safe unless it is encrypted.

      1PasswordAnywhere is still a nice fallback scenario. If you can wait for an upgrade that would be the best advice.
      Even staff members of AgileBits still use the .agilekeychain with Dropbox in a multiplatform environment.

      You should also read this comment:
      http://timedoctor.org/2015/10/misleading-headlines-popularity-rises-200/

      My conclusion is that you should not decide on a manual conversion too hastily; calculate the risk of your own situation:
      1. How many people can access your devices
      2. Who is permitted to access your Dropbox storage

  7. Greg Ramsaran
    Greg Ramsaran says:

    I absolutely LOVE that Agilebits is so open with their blogs and open to this discussion. I use all 4 platforms and don’t mind waiting, but would like an ETA if there is one.

    Reply
    • Dave Teare
      Dave Teare says:

      Thank you, Greg! We love talking about this stuff as well, so we’ll keep on writing if you promise to keep reading :)

      As for timing, I don’t have an ETA to share. Historically I’ve been pretty bad at picking release dates as invariably unexpected things pop up that throw the schedule off. It will first appear in the betas, so if you enjoy living on the cutting edge, you can enable betas within the update preferences.

      Cheers!

      ++dave;

  8. markus
    markus says:

    Hi,

    You should have updated a little more in time, but you did not.
    I read all your docs when you made the new file format available and understood why the new one was an improvement.
    I was aware of this issue and I should have asked you to migrate, but I did not. As all the other guys did not.
    So now we all got reminded, and you fix it. Anyway, the lesson learned should be to review the decision next time in a reproducible manner. Thanks a lot for your great product.

    Markus

    Reply
    • Dave Teare
      Dave Teare says:

      Thank you for your thoughts on this matter, Markus.

      You’re absolutely right, we could have implemented this change sooner. I hope our post explained why we chose the path we took. To reiterate, the AgileKeychain is safe (I’m using it myself with my data synced to Dropbox – I would never expect my customers to use something I myself wouldn’t) so I felt it prudent to continue to support older clients.

      In any event, thank you for the kind words about 1Password!

      Take care,

      ++dave;

    • Willem
      Willem says:

      That’s almost correct. If other people can access your PC then they could examine the password vault. If not then you are safe using the .agilekeychain format.

    • Dave Teare
      Dave Teare says:

      Hi Bob,

      Willem is correct (thanks Willem!), if you are using Mac OS X and not syncing to Dropbox, then you are already using the new data format.

      If you are using 1Password for Windows, you will default to using the AgileKeychain format. This format is secure (I use it myself) but it leaves the URLs and Titles of your items in plain text (unencrypted) for performance reasons.

      I hope this helps. Please let us know,

      ++dave;

    • other bob
      other bob says:

      Hi Dave – I do use folder sync and it appears that the vault is the older format. Does folder sync require the older format?

    • Rich
      Rich says:

      Wow, I just have to ask: is this your personal opinion, or what AgileBits officially (vetted, I hope, by a chief security officer) has to say about this vulnerability?

    • Dave Teare
      Dave Teare says:

      Hi Rich,

      Our Chief Defender Against the Dark Arts is awesome but he’s just one man and doesn’t have the time to review and read everything :)

      So no, I didn’t ask him to proof read my replies, but I did ask one of the Founders to take a peek ;)

      ++dave;
      (AgileBits Founder)

