Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Aug 2012 19:04:32 -0500
From: Jeffrey Goldberg <>
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On 2012-08-21, at 2:50 PM, Rich Rumble <> wrote:

> On Tue, Aug 21, 2012 at 3:16 PM, Jeffrey Goldberg <> wrote:
>> Not everyone likes or agrees with the approach that we have taken, but people looking for password managers also have this choice in which password manager architecture they want.
> Do any password managers use "keyfiles" like TrueCrypt or FreeOTFE do,

1Password does, but they aren't "movable" keyfiles. The 1Password AgileKeychain format is a collection of files in a directory structure. The keyfile is encryptionKeys.js (and there are some backups of this content in 1password.keys and .1password.keys).

LastPass is an authentication service, so they have had multi-factor authentication (MFA) for a while.
Neither KeePass nor PasswordSafe use a separate key file.

I can't say that 1Password is the only password manager out there that uses a separate key file (there are lots of things out there, even if we exclude the snake oil from consideration), but it is the only one that I know of.

> so as to to avoid keyloggers?

Our reasons for this design have nothing to do with keyloggers. We wanted a separate file for everything so that we could use file based syncing services. But it does mean that if we were ready to implement something that looked like 2-factor authentication, this would be a way to do so. We could allow for the keyfiles to be stored on a separate device.

For a number of reasons, I would actually prefer key splitting over having the keyfiles in funky places, but what you mention is certainly one way to go with this.

The single biggest reason that we haven't put effort into something MFA-like (either key splitting or a movable key file) is that for ever report of "someone stole my computer; can they decrypt my 1Password data?" we get hundreds of "I forgot my master password" or "my disk crashed and I didn't have backups". Of course we can't do anything for people who have forgotten their master passwords, but I don't want to see orders of magnitudes more of them.

A service based on authentication may be able to have some recovery ability if people lose their keys, but we can't help people recover their data unless we were to also go into the key escrow business (and we don't want to do that).

Before you all say "well put in clear warnings about the dangerous of using MFA" let me remind you that we are trying to provide a good solid tool for ordinary users. Ordinary users will turn every security option and parameter up to 11 no matter what warning and advice we offer. (This is also why we don't make the number of PBKDF2 iterations user configurable either).

But nothing is written in stone. I've outlined why we haven't done MFA-like things to date. Things change (though there are no immediate plans to change this).



Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.