More than five years ago, we offered some advice on picking a good Master Password in Toward Better Master Passwords. So it is important you pick a good Master Password. Now we make heavy use of PBKDF2 to slow down automated Master Password guessing in the event that the 1Password data is captured, but PBKDF2 and the like only present a speed bump to the attacker it does not provide a solid barrier. It is possible for the data to be stolen, and this is why it is encrypted with keys that are encrypted with keys that are derived from your Master Password. Whether it is stolen from their own computers (someone walks off with a laptop) or from something like Dropbox doesn't really matter.
We designed 1Password under the assumption that some people would have their encrypted 1Password data stolen. The long answer is just an explanation of the short answer and a couple of other things. The safety of your 1Password data on Dropbox depends on the quality of your 1Password Master Password.
Disclosure: I work for AgileBits, the makers of 1Password.
0 kommentar(er)
