
1Password Leaks Your Data - _qxtl
http://myers.io/2015/10/22/1password-leaks-your-data/
======
vuchr
I don't get why people are making out this isn't a big issue - people would
assume whatever is saved in the 'vault' is completely encrypted.

You'd never encrypt a password but leave all the filenames/directories
viewable without the password...

(I've noticed this before when grep-ing for a domain, and it came up with
stuff from my 1Password vaults, but couldn't work out a better solution so
still stick with 1Password). It's a shame, because 1Password is great in
almost all other aspects.

~~~
SloopJon
WinZip made a similar choice with its encrypted archives: you could see the
list of directories and files before supplying a password.

I would prefer that my account info be encrypted, but I can't use the new
OPVault format, because it requires 1Password 5, which isn't supported on OS X
10.9.

~~~
lqdc13
I think it is just how the .zip format works, not just the WinZip program.
It's very easy to get around that though by double zipping.

~~~
SloopJon
WinZip encryption is an extension to the Zip format that they defined:

[http://www.winzip.com/win/en/aes_info.htm](http://www.winzip.com/win/en/aes_info.htm)

------
remaerd
As a user of 1Password and an indie app developer myself, I don't think talking
about this question on YCNews is a nice gesture.

You are talking about an outdated data format which AgileBit had dropped. They
already provide OPVault to solve the problem. What do you expect they want to
fix?

Some of the readers may only skim the title of this article / They don't
understand the technical details. So they will assume that 1Password IS NOT
SAFE. It's a minor bug which will affect almost no one. But this article
(Title) will affect so many people's impression of 1Password. You are just
writing an article to punish AgileBit.

(Update: I was wrong about the Agile Keychain being dropped. It's still used
in Dropbox Syncing but iCloud/CloudKit)

~~~
bad_user
I'm a new client of 1Password and I bought licenses for OSX, Windows, Android
and iOS because I'm a multi-platform kind of guy. I also have a Linux
workstation and figured that I'll just generate passwords on my phone and then
use the 1Password Everywhere dump on Linux. And I decided to use 1Password
because it has this portable read-only interface.

Are you telling me that I've got a choice between the safety of my data and
dropping functionality which I paid for? Do you even know if OPVault works
in the Android client? But forget Android, does it work with Dropbox syncing?
Some posts from their forums claim it doesn't.

Also this isn't a bug. It was a conscious design decision. Now I wonder if I
can ask for a refund.

~~~
grey-area
Can't you use wifi sync?

~~~
balu_
There is no Linux client to sync to.

~~~
calebio
Not a perfect solution by any means but the Windows version runs pretty well
with Wine. Even works with the browser extensions.

I ended up just buying the Windows version because I was so tired of 1Password
Everywhere.

------
gonewest
Of the many password vault tools out there I still prefer ones that store the
data locally, secure it with published and peer-reviewed crypto, and sync
directly across devices without uploading to a service. I just don't need the
hassle of discovering belatedly that an online service has leaked any data.
Especially if they are inclined to say it was by design.

~~~
Velox
Perhaps I wasn't clear in the article. This is an entirely optional feature.
If you don't want to store 1Password in Dropbox you don't have to, and you
certainly don't need to have it in your public folder (I'm not sure those are
even a thing any more?). The concern is that if someone has access to your
keychain in any way at all, it is open to this. Perhaps you left your machine
unlocked for a few minutes? Set up a read only network share for friends to
stream movies from you? etc.

~~~
gonewest
I'm not sure I'm following you, but in short I'm not trying to attack this
piece of software. All I'm saying is that I have a particular point of view
and it appears based on the description that this tool isn't the one for me.

------
incanus77
You buried the lede here:

> Well, in December 2012, AgileBits changed the format of their keychain from
> the Agile Keychain, to OPVault. So how is this new format? Well the first
> thing is that you cannot use 1PasswordAnywhere with this format any longer.

And:

> Let me summarise: Do not use the Agile Keychain format. It leaks your data.
> If you are using it, convert it to the OPVault format immediately.

~~~
Velox
I'm not surprised I butchered it. I'm not a writer by any means. If you look
at the few other things I've written, the writing there is just as terrible.
Practice makes perfect though I guess.

~~~
incanus77
I guess what I meant was that you are emphasizing that the old-style format is
what is the problem here, and that it hasn't been the default for three years
now, but the headline makes the scope sound much worse. So saying 1Password as
a whole suffers from this flaw is pretty misleading. I agree it's an issue
that you weren't warned about the need to migrate to the new format.

~~~
Velox
No, the problem is that they have a new format but the OLD one is the default.
It's incredibly difficult to use OPVault as your keychain format if you aren't
on Windows. Even if you are on Windows, you still need to change it every
time.

------
al2o3cr
Funny, the title doesn't pop quite as much when it's replaced with the more
accurate "1Password Leaks Some Metadata When You Upload Your Keychain to
Public Servers".

~~~
Velox
Metadata is still data? Sure, it's not your password, but the title isn't
"1Password Leaks Your Passwords". And it's not just when it's uploaded. It's
when anyone has access to your keychain. The primary feature of a password
manager is that it is supposed to be resistant to attack.

~~~
Laaw
No, metadata is not data. It's metadata.

~~~
aylons
It's data about data. So, still data. The title may be a bit sensationalized
("your data" sound like "all your data", but it really is "some of your
data"), but it is not false.

~~~
Laaw
There's a reason it's not called 'data', is my point. It's false, insofar that
it's not the 'data' you give to 1Password.

~~~
MaulingMonkey
> There's a reason it's not called 'data', is my point.

Is there, actually, in this context? What _is_ the reason you're drawing this
distinction? What makes generated passwords 'data', but password reset urls
and hand-typed entry names 'metadata'?

~~~
Laaw
Because people seem to think everything they do on a computer is or should be
private. It's not and shouldn't be.

~~~
MaulingMonkey
What about everything that is expected to be private, can be made private, has
security implications for not being private, and has no gains for being public
other than "it's slightly less expensive"?

Why _shouldn't_ my password reset urls be private? They _are_... in the
password database I use.

Why _shouldn't_ my database entry names be private? They _are_... in the
password database I use.

Are you saying that these things are metadata in 1Password by virtue of the
fact that they weren't secured? Because that would seem like circular
reasoning - that you can never leak data, because leaked data is metadata. I
don't share your definition of metadata in such a case.

Are you saying that these things are metadata in 1Password because they
shouldn't be private? I just plain strongly disagree if so.

Are you saying that these things are metadata because users shouldn't expect a
password database to secure them properly? Then I could at least see where
you're coming from. But I don't think it makes sense to tie the definition of
metadata to that - among other complaints, I think it lets off
companies/software that leak your (meta)data off far too easily, and that such
word games absolve them of too much responsibility.

~~~
Laaw
I didn't say anything of the sort. I said metadata isn't data and just because
metadata is about you/your data, doesn't mean you own it.

I've been intentionally vague so as to discuss this in more macro terms rather
than the specific case as presented here, because I feel there's a panicked
"deer in the headlights" attitude that comes with talking about data and
metadata, and I'd like to try and help folks think a little more rationally
around the topic rather than simply "EVERYTHING RELATED TO ME IS MINE AND
NEEDS TO BE ENCRYPTED AND HIDDEN".

I regularly forget about how closed-minded the HN userbase is when it comes to
privacy.

~~~
MaulingMonkey
> I've been intentionally vague so as to discuss this in more macro terms

You may want to lead with that next time - I'm not the only one attempting to
interpret your vagueness in-context (that is, in the specific case as
presented here) which apparently isn't your intent. Hopefully it'll generate
productive discussion instead of a confused chorus attempting to clarify
terminology.

> I feel there's a panicked "deer in the headlights" attitude that comes with
> talking about data and metadata

Are you seeing that in this thread? Or is this more of a generalized feeling
of HN? Or of the internet?

I feel like I'm mostly seeing discussions about what specific data was
involved, what alternatives are out there, and the severity and history of the
problem (which I'm seeing as mostly "not as severe as your initial kneejerk to
the title might imply, but not ideal either" - pretty levelheaded and
accurate, IMO?)

None of them seemed particularly frozen, unable to move forwards, or panicking
beyond the time it took them to evaluate what specific (meta)data was leaking
- to me, at least. And given that password databases secure the keys to the
castle, so to speak, I'm not sure a little panicking isn't warranted in this
specific context.

> I regularly forget about how closed-minded the HN userbase is when it comes
> to privacy.

If that's in response to this thread, keep in mind that, in-context, the
"privacy" many professionals in here are concerned about, is the "privacy" of
their amazon account keys, to avoid their servers being subverted into part of
a malware distribution botnet. And the "privacy" of their user database - to
avoid the reputation hit that comes when all your customer's passwords are
cracked, and their inboxes are flooded with porn spam. I think it'd be a
mistake to overgeneralize that response.

~~~
Laaw
What you've just done to my comment is common on the Internet, but extremely
harmful to an intelligent discourse. I wrote what I did all together because
each sentence informs and provides context for the others. In isolation, each
sentence may carry a different meaning than if they're grouped.

In the future, remember this when you decide to dissect someone's writing.

~~~
MaulingMonkey
The sentences are still grouped together immediately above my post - in your
post. This isn't some blog post quoting snippets from some other link, or a
book quoting sections from another resource. I also strongly disagree that
these things are inherently harmful, if that's what you're indeed saying. They
can be misused to harmful ends, to be sure - but what would you have me do,
ditch quotes entirely? Quote only entire books? Chapters?

Quoting entire paragraphs may not be sufficient to provide proper context, and
especially if being willfully misinterpreted, can be potentially harmful.

But well intentioned quotes, immediately under a post providing them in their
full context - which is the case in my post you replied to? I'm hard pressed
to see that as distorting your meaning and harming discourse. If you have
specific grievances as to how I have, _please_ state them. If my understanding
is distorted, there is harm to discourse regardless of whether or not it's
visible in the form of distorted quotes.

The many questions I'm asking are my attempts at understanding the context of
your statements, to avoid such distortions. The couple that you've answered
have clarified some things. A couple more have been mooted by indirect
responses. Many others are still relevant and unanswered.

Even now, I'm a bit unsure if you're saying that I've done harm, in the
specific post I made that you were responding to - or if you're making vague
generalizations again, this time about sentence level quoting on the internet
in general. I'm assuming the former for now - but please correct me if I'm
wrong. I would ask, but that's clearly not working out for me.

~~~
Laaw
Last word.

------
aidos
Not defending it but this was always a known, though not massively publicised,
issue with the 1password format.

I seem to recall that the original justification was that it allowed for
checking to see if 1p had a login for the current site without having to ask
for your password to decrypt the db.

My understanding is that the new format addresses the issue, but it hasn't
been rolled out to the dropbox sync yet.

Hopefully the noise here will push that ticket to the top of their priority
list :)

[http://taoofmac.com/space/blog/2011/04/28/2233](http://taoofmac.com/space/blog/2011/04/28/2233)

~~~
Velox
That's the hope with the noise. Agile keychain is old and shouldn't be used. I
just want them to use OPVault by default and tell users the risks they take
with Agile keychain.

------
rcarmo
Wrote about that back in 2011. Surprised to see it's still an issue, really -
I changed formats, but there's no reason for the JS to still work that way.

[http://taoofmac.com/space/blog/2011/04/28/2233](http://taoofmac.com/space/blog/2011/04/28/2233)

(edit: Just noticed that someone else also linked to my blog post further
down. Apologies for the redundancy.)

------
homakov
What's also bad is it's under shared origin dl-web.dropbox.com so some kind of
persistent XSS or cross window JS can leak all your passwords.

------
raz32dust
Why don't people just use KeePassX? Are these paid solutions worth it when you
have a decent open source alternative?

~~~
dombili
If by people you mean "Hacker News crowd", I don't know.

If by people you mean "people in general", just look at their respective
website. The answer is rather obvious.

I contemplated over which password manager to use before deciding on 1Password
simply because of its simplicity and usability. I try to be as aware of my
privacy and security as possible and even though I was aware of this leak
beforehand, I went with 1Password anyway.

"Hacker News crowd" (to be clear, I'm not using this in a derogatory way)
usually think about security in terms of how things work technically, but
practicality is just as important. If some piece of software is secure but not
usable, that doesn't do any good to the user.

KeePassX is plain ugly, has a terrible website that doesn't give any
confidence and scares the user by giving them technical details right out of
the gate (check their website). I get that it's open source, it's free,
probably more secure than 1Password and they most likely don't have enough
income to hire as talented designers as AgileBits already employ, but that
just doesn't matter to the user.

~~~
tptacek
What makes you believe KeePassX is "probably more secure" than 1Password? I
have the opposite impression.

~~~
therealmarv
Opposite impression based on what?

~~~
tptacek
More than a hunch.

~~~
sillysaurus3
You just slandered a security product based on nothing.

That wouldn't be a problem if you didn't have a bunch of followers who believe
every word you say. But you do, because your analyses are usually decent
quality.

~~~
tptacek
I almost wrote a comment correcting you, but realized I'd just be feeding the
drama you're hoping to generate. No.

~~~
sillysaurus3
Why would I be hoping to generate drama? Your behavior is very confusing.

I was disappointed that you had something to say about that password vault,
and then didn't say it. You opted for this weird gray area of "I have more
than a hunch it's less secure than 1Password." Huh?

Maybe you have nothing to say. It's really strange to see you drop to hunches
from substance.

One of the best pieces of advice I found on HN was when someone told me to
unplug. It helped me a lot. When you start to see everyone as a troll, it
might be time to step back a bit.

------
m1keil
Before you run migrating to OPVault do note that at this moment it is not
supported on the Android app.

------
dr_win
I had a different issue with their 'secondary vault' feature. Adding additional
vaults as your secondary vaults is not just a UI thing.

ADDING A SECONDARY VAULT EFFECTIVELY MEANS STORING MASTER PASSWORD OF YOUR
SECONDARY VAULT IN YOUR PRIMARY VAULT!

This was confirmed by their support as a reply to my email below. It is better
for UX, but it is not explained properly IMO.

Theoretically you could get burnt in scenario when you use personal primary
vault with some weak-ish password and add your super-important employer's
vault as a secondary vault for convenience. You effectively make super-
important vault as weak as your weak-ish master password of your primary vault
(without knowing).

My email back in March 2014 (shortened):

I somehow ended up in a situation where 1Password pretends to keep my data safe
but does not require a password for unlocking the secondary vault as long as I
have unlocked the primary vault. If I don't unlock the primary vault and switch
to the secondary vault first, the correct secondary master password is required.
[Contrary: switching to the primary vault while having unlocked the secondary
vault requires me to enter the primary master password to unlock it (expected
behaviour)]. This behaviour is exhibited in 1Password.app, 1Password mini and
the Chrome plugin.

I'm a developer. I have just read all the documentation available on your site
[http://help.agilebits.com](http://help.agilebits.com) just to better
understand the system and reason about it. And I cannot really explain this
behaviour. 1Password should not know how to unlock my secondary vault without
my secondary master password (unless it caches the master password somewhere
behind my back) OR my secondary agilekeychain file is not really encrypted,
but UI pretends it is, because it requires correct master password (when I go
and want to see the secondary vault without unlocking the primary vault
first). I noticed this behaviour only recently I think originally this worked
just fine. This hiccup could be caused by latest update or my upgrade to
1Password4 a few months ago.

------
jpgoldberg
Hello all, I'm the Chief Defender Against the Dark Arts at AgileBits, the
makers of 1Password.

The discussion and analysis in Dale Myers' article is very good, although
someone who just reads the headline could very easily come away with the wrong
impression.

The "older" .agilekeychain format (AKF), designed nearly a decade ago, does
indeed expose the same sorts of information that would be in someone's browser
bookmarks. So if someone gets hold of your AKF data they will be able to see
what sites you have Logins for and what titles you have for your items.

Given the constraints we faced back then, that might have been a reasonable
design choice at the time. But it is certainly not an acceptable design choice
today.

The article does point out that the OPVault data format was introduced as
a replacement for the AKF back in December 2012. The OPVault format not only
encrypts much more of the metadata, but it also provides for authenticated
encryption and includes many other improvements.

The article also points out that the behavior of the AKF "discovered" is
documented in many places. We've blogged about it, we've talked about it on
our discussion forums and it is in the docs. What isn't in place is some big
red letters in the user interface that says "Using this format leaves URLs and
Titles unencrypted".

Dale Myers' article also correctly points out that we do offer instructions on
how to migrate your data from the Agile Keychain format to OPVault.

The article criticizes us for (a) Not making OPVault the default for new
Dropbox syncing, and (b) Not providing a nice easy way to migrate.

Obviously we would love to see everyone on the new data format. It is a big
improvement over the old one in an enormous number of respects, but until we
can be confident that everyone is running clients on all of their platforms
that can handle the new format, we are treating migration as an "expert only"
thing.

Rolling out a data format change when you have one "product" and one platform
is easy. But we need to make sure that people are using versions (and
that such versions are available) of 1Password that handle the new format on
all of the devices that they sync with.

So if we were to make OPVault the default sync format on Mac, we would need to
know that the 1Password app people are using on Windows. We have been
conservative about this.

Also, in our beta testing of data migration, we discovered a nasty bug in how
we encoded keys for some attachments. The result is that some of our beta
testers would have lost data if they had not had good backups of their AKF
data. Obviously, that is not something we wanted to push into general release.
(Only attachments created in specific circumstances were victims of that, so
we didn't spot it in internal testing.)

Now you may very well disagree with some of our judgement calls, particularly
about how cautious we have been and continue to be in migrating people to the
new format. But I hope that even if you do disagree, you will see that there
are reasons for our choices.

~~~
tesmar2
Security is your thing. I think when it comes to protecting your user's data
vs inconveniencing them, you should inconvenience them. This will make us
trust you more vs creating a new database format almost 3 years ago which
fixes some of the security bugs of the old one and expecting only the experts
to figure it out. Please make it the default.

~~~
wclark
"I think when it comes to protecting your user's data vs inconveniencing them,
you should inconvenience them."

I'd rather they protect their user's data. ;)

~~~
tesmar2
I poorly worded it :).

I'd rather be inconvenienced if I know my data is safer.

------
746F7475
So the threat is that if someone hacks Dropbox and gains access to your
Dropbox they can read which sites you visit?

Wouldn't this be a "self-fixing" problem, if you use 1Password to come up with a
secure Dropbox password?

Obviously this isn't an ideal situation, but I see no reason to switch away from
1Password and currently I don't even know where I would go from 1Password. I
jumped from LastPass to 1Password since I want to have access to my passwords
on mobile devices without paying a yearly fee and now that LastPass has been
acquired by LogMeIn I'm in no hurry to jump back. And I don't know if
open-source managers like KeePass have mobile support.

~~~
FooBarWidget
Another problem is that _Dropbox_ can see which sites you are visiting.

~~~
746F7475
And? If you use Facebook, Twitter, G+ or Google Chrome you are already
broadcasting every site you visit

------
keeper
This is why Keeper uses zero-knowledge encryption. Our CTO, Craig Lurey, wrote
more about data leakage here:
[https://blog.keepersecurity.com/tech/2015/10/23/dont-be-leaky-password-management-privacy/](https://blog.keepersecurity.com/tech/2015/10/23/dont-be-leaky-password-management-privacy/)
We're assisting any adversely affected customers who are interested in
migrating to Keeper and offering 50% off worldwide (except 5 countries). Just
shoot a note to sales@keepersecurity.com

------
dombili
I noticed the same issue a while back, but I didn't make a big deal out of it
thinking I had no other choice. Good to know they have another format that
limits the leak of metadata. Thanks for the post.

------
rdl
Ouch. 1Password is probably the best usable password manager today; they can
do better in a few areas, including this. Another area would be putting
blessing/device keys on each device on top of a password, because I don't
trust a passphrase alone, and many platforms are getting trusted computing
features -- you have a slow process to put a device key on each thing, which
is then entangled with your passphrase to decrypt. You could even do a hw
token, too. Another area they could improve is network sync -- I don't trust
iCloud or Dropbox, and wifi-sync is a pain, so supporting WebDAV or some other
open format they could develop would be a lot better.

Long tangential digression:

My personal design goal is to maximize the number of distinct entities which
have to collude to cause me serious harm.

Pure online SaaS is often very bad. There are cases where the risk is
acceptable, but "here, maintain a password list" is not one of them. The
"shared google sheet full of password" is a great example of this. Evernote is
another example. I avoid these wherever possible.

Systems like LastPass where the binary is distributed by an entity every time
I use it, and then talks to that same entity for the backend, are better,
but still bad. Hushmail was the canonical honeypot of this type -- download a
java applet after logging in...

A long-lived binary (standard client software) talking to servers operated by
that entity is better. Swapping the binary out is more detectable, and harder
to do for a single user. iOS apps are probably the best for this right now,
since Apple is sort of a semi-trusted intermediary here. You'd at least have a
shot of catching the compromise after the fact.

Client software which talks to servers run by separate third parties is
better. e.g. 1P using iCloud/Dropbox. It is better as the set of third parties
is bigger and more diverse.

The ideal is being able to run client/server on your own platforms. Being able
to run a cloud storage service (e.g. AeroFS) entirely on your own private
network is ideal.

Open source on top of this is great, but in reality independence of operating
the services is worth more. An open standard with multiple implementations,
many of which are open source, would be meaningful, but merely publishing
source code isn't as meaningful, at least without verifiable/repeatable builds
and a good runtime level matching.

------
dantiberian
The part I don't understand about all of this is how this information becomes
public when it's stored in Dropbox? My understanding is unless you create a
sharing link for it, it will be privately stored in your Dropbox.

~~~
why-el
You can also put things in the public folder. No idea why you'd do it though.
Perhaps you store your Dropbox password itself in 1Password and therefore you
don't have access to it when you are away from your devices, hence the need
for a public and open link. (you still need to remember the public link to the
keychain though)

------
HaloZero
It seems content.js at least for me is still hashes of passwords and not the
passwords themselves, perhaps you need to open the website to have it be
decrypted and saved in content.js?

~~~
Velox
Correct. The passwords are not breached in any way. It's the metadata that is
the leak, and that alone can be enough to compromise accounts.

------
bdcravens
The only place I've ever used that was inside of Dropbox's web interface,
where I'd have to first be logged in. Is it a common use case where it'd truly
be public?

~~~
why-el
Not common, but what you said means you remember your Dropbox's password so I
guess it is not in 1Password.

------
kobayashi
Great job finding and writing this. I didn't find your writing to be shit,
unlike another user here. I felt it was clear and succinct, without being
sensationalist.

Edit: like -> unlike

------
IBM
Does this only happen if you use Dropbox? What if you use iCloud?

~~~
orkoden
It makes no difference if you use Dropbox or iCloud. It depends on the file
format.

~~~
grey-area
Incorrect, according to 1Password:

[https://support.1password.com/switch-to-opvault/](https://support.1password.com/switch-to-opvault/)

------
pinkano
Hmm.. reading all the time about hacks and data leaks from password managers.
Never heard of one while using Sticky Password. Hope they won't get hacked.

------
grey-area
For those using 1Password, this isn't as bad as the headline implies.

1. This doesn't apply to local data

2. This applies to metadata, rather than passwords

3. This only applies to an old vault format changed in 2012 used for syncing
via external servers [edit, specifically dropbox or folder sync, still in use
for that it seems]

So 1Password leaks your metadata if you use the old vault format from 2012 and
upload your passwords to a public service (or share them some other way), but
that's perhaps not such an upworthy headline.

Personally I would use local wifi sync and keep your data local, whatever
password manager you're using.

~~~
orkoden
The problem is this "old" file format is the default still today.

~~~
grey-area
Only for remote files, and only if you choose to sync your files to a remote
folder which is not iCloud (Dropbox and Folder Sync). It's not used for local
data, is it, and only for remote data (if you choose to do that) for certain
services?

[https://support.1password.com/switch-to-opvault/](https://support.1password.com/switch-to-opvault/)

------
therealmarv
Does somebody know if Chrome sync with a passphrase also encrypts the URL?
I'm not 100% sure... this is why I'm asking.

------
balu_
Another reason why it's sad that Agile Bits does support Dropbox but not
WebDAV or any other self-hosted sync option

------
kobayashi
Do we need to be concerned about previous .1p4_zip backup files? I just changed
to the .OPVault file format.

------
tesmar2
Anyone here use Enpass? What is your experience?

~~~
csixty4
I've played with it a little. I'm curious because it's so cross-platform (I
use Mac, Windows 10, iOS, and Windows Phone), yet has a really slick UI like
1Password. It seems about on par with 1Password so far, but like I said I've
only used it a little.

I'll try to remember to poke around the data files this week if I get a
chance.

------
bunnybender
"1Password Leaks Your Data was published on October 22, 2015 by Dale Myers."

Yet more proof of time travellers..

~~~
rabbyte
In the future, we might not want you talking about us.

