Three layers of encryption keeps you safe when SSL/TLS fails

No 1Password data is put at any risk through the bug reported about CloudFlare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe and solid.

We will provide a more detailed description of the CloudFlare security bug, and of how it (doesn’t) affect 1Password, in the coming days. At the moment, we want to assure and remind everyone that we designed 1Password with the expectation that SSL/TLS can fail. Indeed, it was precisely for incidents like this that we chose this design.

No secrets are transmitted between 1Password clients and 1Password.com when you sign in and use the service. Our sign-in uses SRP (Secure Remote Password), which means that server and client prove their identity to each other without transmitting any secrets. This means that users of 1Password do not need to change their Master Passwords.

Your actual data is encrypted with three layers (including SSL/TLS), and the other two layers remain secure even if the secrecy of an SSL/TLS channel is compromised.

The three layers are

  1. SSL/TLS. This is what puts the “S” in HTTPS, and it is the layer through which data may have been exposed by the Cloudflare bug during the vulnerable period.
  2. Our own transport layer authenticated encryption using a session key that is generated using SRP during sign in. The secret session keys are never transmitted.
  3. The core encryption of your data. Except for when you are viewing your data on your system, it is encrypted with keys that are derived from your Master Password and your secret Account Code. This is the most important layer, as it would protect you even if our servers were to be breached. (Our servers were not breached.)
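The following Python sketch is an added illustration of the layering described above; it is not 1Password’s code, and the post does not specify 1Password’s actual cipher, key-derivation parameters or wire format, so everything concrete here is an assumption: the HMAC-SHA256 counter-mode keystream standing in for a real AEAD cipher, the PBKDF2 iteration count, the XOR combination of the two derived keys, the `session-v1` associated-data label, and the sample Master Password, Account Code, salt and login item. The session key is simply generated in the script as a stand-in for the key that SRP would agree on without ever sending it. Layer 1 (TLS) is not modelled; instead the script treats the bytes that TLS would carry as leaked, and checks what an observer of those bytes can recover.

```python
"""Defense-in-depth sketch: layer 3 (vault encryption) sits inside layer 2
(session-keyed transport encryption), which is what TLS (layer 1) carries."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def derive_vault_key(master_password: str, account_code: str, salt: bytes) -> bytes:
    """Two-secret derivation (constructed for illustration, not 1Password's exact
    scheme): the Master Password goes through a slow KDF, the Account Code through
    a fast one, and the results are XORed so neither secret alone yields the key."""
    pw_key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)
    ac_key = hmac.new(account_code.encode(), salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pw_key, ac_key))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (illustrative only)."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _subkeys(key: bytes) -> tuple:
    # Separate encryption and MAC keys derived from the one layer key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, with the tag covering aad too."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def client_wrap(item: bytes, vault_key: bytes, session_key: bytes) -> bytes:
    """Apply layer 3, then layer 2; the result is what TLS (layer 1) would carry."""
    layer3 = aead_encrypt(vault_key, item)
    return aead_encrypt(session_key, layer3, aad=b"session-v1")


def server_unwrap_transport(wire: bytes, session_key: bytes) -> bytes:
    """The server strips layer 2 and stores layer 3; it never sees the item itself."""
    return aead_decrypt(session_key, wire, aad=b"session-v1")


def layered_demo() -> dict:
    """Run the flow once and report what each party (or an eavesdropper) can see."""
    salt = b"constructed-salt"                 # sample value
    password, code = "correct horse battery staple", "A3-EXAMPLE-CODE"  # sample secrets
    vault_key = derive_vault_key(password, code, salt)
    session_key = secrets.token_bytes(32)      # stands in for the SRP-agreed key
    item = b"login: example.com / hunter2"     # constructed vault item

    wire = client_wrap(item, vault_key, session_key)       # bytes TLS would carry
    stored = server_unwrap_transport(wire, session_key)    # what the server keeps

    results = {
        "plaintext_on_wire": item in wire,         # a TLS leak exposes only layer 2
        "plaintext_at_server": item in stored,     # the server holds only layer 3
        "roundtrip": aead_decrypt(vault_key, stored) == item,
    }
    try:  # an observer without the SRP session key cannot strip layer 2
        server_unwrap_transport(wire, secrets.token_bytes(32))
        results["wrong_session_key_rejected"] = False
    except ValueError:
        results["wrong_session_key_rejected"] = True
    try:  # the Master Password alone (wrong Account Code) cannot strip layer 3
        aead_decrypt(derive_vault_key(password, "WRONG-CODE", salt), stored)
        results["password_alone_insufficient"] = False
    except ValueError:
        results["password_alone_insufficient"] = True
    return results


if __name__ == "__main__":
    for name, value in layered_demo().items():
        print(f"{name}: {value}")
```

The point of the demo is the two `False` entries and three `True` entries it returns: the bytes that a failed TLS layer would expose contain no vault plaintext, the server never holds it either, and stripping each remaining layer needs a secret that was never on the wire.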
121 replies
  1. Dave Teare says:

    Thanks for posting this so quickly, Jeff! I was at Yoga when you wrote this so I didn’t have a chance to proofread it and give you feedback before it went live. So here I am desperately looking for a typo so I can keep my editor job here, but dang, I couldn’t find any. ?

    In all seriousness, if anyone is interested in knowing more of the details before Jeff’s followup post is ready, you can read the Transport Security section of our 1Password White Paper, including this bit:

    Because parts of systems can fail, it is useful to design the overall system so that a failure in one part does not result in failure. This approach is often called defense in depth.

    As great as the White Paper is, I’m really looking forward to seeing Jeff’s upcoming post that elaborates on all these layers and how they work together to protect user data. ?

    ++dave;

    Reply
    • Polly Clive says:

      I would blindly follow the 1Password team to the ends of the earth and back, as I believe that’s how secure our data is. You guys are always a step ahead and I sleep better at night for it. Thank you Dave and Jeff and your fantastic team. Polly, devotee for a loooooong time.

    • Dave Teare says:

      Polly! It’s so great to hear from you again! ? It’s always lovely to hear from you. ❤️

      I’m glad to hear you’re still rocking with 1Password and that you’re sleeping better at night. After this rollercoaster ? of a week, I could use some sleep myself! ?

      Take care, ?

      ++dave;

    • Larry Nolan says:

      Dave, thanks for letting us readers & users of 1Password know that our information is safe. Great design is always appreciated by this former programmer.

    • Jeffrey Goldberg says:

      Thank you Larry! And once a programmer always a programmer. I don’t care if it was FORTRAN (not that I’m trying to suggest that you are as old as I am!)

    • Phil Marcelo says:

      This is what I really appreciate about your team. When I first read about this on Wirecutter, I immediately wondered if I needed to change the master password. I saw that a link was already posted in their comments section by you. Your post told us right away what I think most of us were wondering. Then you provided more information. The irony to me is that the more technical insight you provide the better I feel about using your secure services (I see a number of commenters feel the same way). The thing is, I don’t feel that I need to know everything about how it works, I just need to trust that Agilebits cares and know what to do. I’ve been a customer for many years now and this responsiveness (like with the recent certificate issue), along with the robust features of the software, are what keep me a customer as well as a confident endorser to those I tell about 1Password. As always, keep up the great work!

    • Dave Teare says:

      Thank you for your incredibly kind words Phil, they mean a lot to me. And thank you so very very much for recommending 1Password to your friends and colleagues. We live and breathe by word-of-mouth and wouldn’t be here without awesome customers like you. ?

      Thank you very very much for enabling us to work on what we love. ❤️

      ++dave;

    • Dave Teare says:

      No need to get dizzy here! ?

      You’re right though, it’s absolutely dizzying to think how crazy things are for all the non-Zero Knowledge Systems out there tonight. Those developers need a hug and a coffee. ? And a nudge to change their apps to be zero knowledge. ?

      ++dave;

    • Dave Teare says:

      Thanks for sharing that with us, Peter! I agree ?

      I’ve been poking Jeff to write more as I love reading his prose. His pathological need to explain things makes for incredibly interesting posts. I suspect we’re in for some real treats soon!

      ++dave;

  2. Chris Jones says:

    I’m curious what API stuff 1Password is doing – I use it without any of the Teams features, or any shared Vault stuff, just regular old iCloud syncing between my iOS and Mac devices. I had tended to assume that that meant I wouldn’t be talking to 1Password servers at all.

    Reply
    • Jeffrey Goldberg says:

      Hi Chris,

      I’m sorry for the confusion. If you are not using a 1Password account (but instead are syncing your data on your own through Dropbox or iCloud) then none of this is relevant to you. Just as we have done with 1password.com accounts, the security of your data synchronization with Dropbox or iCloud does not depend on the secrecy of HTTPS.

      Yesterday’s news isn’t about Dropbox or iCloud, but if it were our answer would be largely the same: We have designed 1Password to keep your data secure even if the security of the connection between you and whatever sync service you use is compromised.

      So while that is generally true, we are getting a lot of questions about CloudFlare, and so the blog post focuses on that and on that technology instead of stating things more generally for all sync services. This is so that we can give a direct, clear, and useful answer to those who are asking.

    • Dave Teare says:

      Hi Mark,

      It’s too soon for me to say for sure what will be happening with Watchtower and sites that are using CloudFlare. I’ve been typing a lot so far this morning so please allow me to copy and paste an answer I wrote to The Ponderer earlier today:

      It’s certainly true that once your data leaves 1Password and is placed into the browser, the only thing protecting your username and password when it’s submitted to the website is TLS/SSL, which is what was compromised here.

      With Heartbleed from years ago, it was the server’s TLS/SSL certificate secret that was (potentially) exposed, and this caused a great deal of fear and uncertainty as it meant all future (and in many cases past) communications could be easily decrypted.

      As I mentioned in my reply to LM earlier this morning, I suspect we will be adding several sites to Watchtower as a result of this issue, but it really is too early to tell for sure. I’ve read reports that no SSL/TLS certificates were leaked, and if this is true, then the issue is much smaller than Heartbleed. If SSL/TLS certificates were leaked, then I suspect we’ll be writing up a new post similar to the Heartbleed one from 3 years ago:

      Heartbleed: Imagine no SSL encryption, it’s scary if you try

      Long story short, I’ve spent most of my time looking at this issue through the lens of how it affects 1Password (thankfully our data was not at risk) so it’s hard for me to comment authoritatively yet. Give myself and my team some time to analyze the news as well as the developers of the affected websites time to understand the impact to them and we’ll be sure to post some more information once it’s available.

      ++dave;

    • Dave Teare says:

      Hi Ken! ?

      Thanks for sharing your script with us and the world. ?

      I’m sorry to mask your link but I think it’s an overreaction to recommend every password be changed on every site that uses CloudFlare. As much as I like your script and how crafty you were to recommend our users only export the URL field of their Logins, at this time I just don’t believe we should be recommending people do this for every website[^1].

      Instead we’re adding sites that are known to be affected to Watchtower and we’ve added some already. We’re monitoring a number of news sources and we’re adding sites to Watchtower as soon as companies indicate their customers were at risk.

      In theory we could add every single website to Watchtower, but it doesn’t seem to be an effective way to do things here. CloudFlare protects a huge portion of the internet, supporting millions of websites. And from what we can tell, it appears that only a small percentage of those were ever considered affected.

      From some of the posts I’ve seen, only about 150 customers had data stored in public caches. Now this problem wasn’t just limited to caches, however, so that doesn’t tell the full story. The other numbers we can look at to get a sense of how many domains were affected can be found in CloudFlare’s incident report:

      The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).

      It’s not easy to wrap our heads around these numbers as CloudFlare serves a lot of traffic so that 0.00003% of requests can quickly grow to affect a lot of domains, but I think it’s fair to say more people were not affected than those who were. It also appears that it only affected sites that used CloudFlare’s email obfuscation, Server-side Excludes and/or Automatic HTTPS Rewrite features.

      The other aspect of this is a website might not be relying solely on SSL/TLS to protect its information. That’s certainly the case for 1Password. I wouldn’t want anyone jumping to conclusions about how we use CloudFlare so I want to extend the same respect to other developers.

      So our plan is to continue to watch and listen. When developers or companies announce they were affected and recommend their customers change their passwords, then we’ll add those sites to Watchtower.

      Take care,

      ++dave;

      [^1] Of course the other concern is your script changes between the time I looked at it and when one of our users downloads it. I’m sure you would never do something like that, but we must be cautious in everything we publish in these comments.

  3. Manfred Pichler says:

    Thanks for the quick reassurance guys :). Haven’t regretted buying 1Password and it seems it will stay this way. Much love from Austria

    Reply
    • Dave Teare says:

      Thank you, Manfred!

      Days like today I wish I lived in Austria or was at least visiting so I could have more time to respond to all the lovely comments here. By the time I woke up here in Canada I was well over 20 messages behind, and they’re coming in as fast as I’m answering them! I guess I know what I’ll be doing all day today – good thing I enjoy it ?

      Much love from Canada, ❤️ ?? ?

      ++Dave;

  4. Stefan says:

    Will you add a check to Watchtower for sites that are affected? It would be useful regardless of my data being secure within 1Password.

    Thank you for the great work, this blog post did calm me down this morning.

    Reply
    • Dave Teare says:

      Thanks Stefan,

      I’m glad Jeff’s post was able to calm you down this morning. He does have a soothing way with words. ?

      As for Watchtower, we absolutely will be adding affected sites. In fact we’ve added some already. We’re monitoring a number of news sources and we’re adding sites to Watchtower as soon as companies indicate their customers were at risk.

      The knee jerk reaction in situations like these is to add every website related to the service. In theory we could do this but CloudFlare protects a huge portion of the internet, supporting millions of websites. And from what we can tell, it appears that only a small percentage of those were ever considered affected.

      From some of the posts I’ve seen, only about 150 customers had data stored in public caches. Now this problem wasn’t just limited to caches, however, so that doesn’t tell the full story. The other numbers we can look at to get a sense of how many domains were affected can be found in CloudFlare’s incident report:

      The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).

      It’s not easy to wrap our heads around these numbers as CloudFlare serves a lot of traffic so that 0.00003% of requests can quickly grow to affect a lot of domains, but I think it’s fair to say more people were not affected than those who were. It also appears that it only affected sites that used CloudFlare’s email obfuscation, Server-side Excludes and/or Automatic HTTPS Rewrite features.

      The other aspect of this is a website might not be relying solely on SSL/TLS to protect its information. That’s certainly the case for 1Password. I wouldn’t want anyone jumping to conclusions about how we use CloudFlare so I want to extend the same respect to other developers.

      So our plan is to continue to watch and listen. When developers or companies announce they were affected and recommend their customers change their passwords, then we’ll add those sites to Watchtower.

      Take care,

      ++dave;
