Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you have a reference for this?

I ask because when you drag an attachment to a entry, it states: "The file has been added as a secure attachment."

Leading me to believe it's encrypted (along with everything else in the entry...).



   ~/Library/Application Support/1Password/1Password.agilekeychain/data/default/
Only the password itself is encrypted. Everything else is just sitting there in JSON.

   ~/Library/Application Support/1Password/1Password.agilekeychain/a/default/files
The attached files do appear to be encrypted, but I don't know how well. The names of the files aren't however, and they may be enough to expose or incriminate you.


Thanks for the paths. I've made some entries and checked what gets encrypted and seems some items in addition to the password are encrypted.

I'm seeing the 'Username' and 'Note' fields for example, for Login items as encrypted.

I found a summary[1] of why/what gets encrypted under "Individual Entry Contents".

[1]: http://help.agilebits.com/1Password3/agile_keychain_design.h...


See this discussion [1] for example where they say this explicitly. Passwords and logins and other sensitive details are encrypted, but item titles (including note titles) and URLs are not.

They have a new keychain design [2] in which most metadata (including item titles) is encrypted. This is currently used for iCloud syncing, and they plan to roll it out for other sync methods and perhaps local storage as well [1]. I am guessing this will happen in the new OS X version.

[1] http://discussions.agilebits.com/discussion/12237/metadata-i...

[2] http://learn.agilebits.com/1Password4/Security/keychain-desi...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: