AgileBits Releases '1Password' Version 4

[opq]

Quote:

Originally Posted by dolphin842

Excellent, thanks!



Apple makes its money in hardware, so they can subsidize the cost of developing software. Ask most independent developers who make apps for a living... they know that unless your user base is growing significantly every year (which increases support costs, etc.), it's unsustainable to sell an app once and support it for years. The LastPass model (small, recurring subscriptions) is much more sustainable and I wouldn't be surprised if most software moves to that model in the future.

The store around the block charging me $10 for a sushi combo, where 30% goes to the govt as business tax right away. Then there are the cost of materials, plus labor, plus rent, plus hydro/gas/etc, plus furniture.

It doesn't cost developers selling on the App Store a cent more to sell an extra copy, whereas it does cost more to sell a second sushi combo. Yet the store around the block still thrives.

I don't mind the Flight Control or Angry Birds model. Give me a new version (an actual new version, not just a coat of paint) and I'll happily pay for a new version.

I'm not saying subscriptions or paid upgrades themselves are inherently bad, just the amounts being charged. I know Apple is a much bigger operation that could afford to charge $10 for Pages, or $20 for Mountain Lion, but the sushi store around the block is just as much independent as a small time developer is. I guess at $7.99 I could understand, but the notion that they'll charge $17.99 after the 'sale'...

[aristobrat]

Quote:

Originally Posted by opq

The store around the block charging me $10 for a sushi combo, where 30% goes to the govt as business tax right away. Then there are the cost of materials, plus labor, plus rent, plus hydro/gas/etc, plus furniture.

It doesn't cost developers selling on the App Store a cent more to sell an extra copy, whereas it does cost more to sell a second sushi combo. Yet the store around the block still thrives.

Developers selling in the App Store don't get repeat customers like your store around the block does.

If you like the sushi combo, you'll be back to that shop to purchase it again. If you eat at the shop twice a month, even if he only nets $3 after the cost of materials/labor/rent/water/gas/etc, your repeat business will earn the owner $72 in a year.

If you like a piece of software, you're not going to be back to purchase that same version again. So even though it may not cost the developer anything to sell additional copies (which isn't the case, IMO), that developer isn't going to earn any additional money from you.

Your store around the block would be out of business within a month if faced with the same model that software developers work with!

[forza69]

I haven't read any post, so I was wondering what the difference between 1Password and 1Password Pro is. Which is better? I currently have 1Password Pro and I'm wondering if I should buy the new version now since its at a discount price.

[knucklehead]

Quote:

Originally Posted by opq

Give me a new version (an actual new version, not just a coat of paint) and I'll happily pay for a new version.

There could be a good argument made that the actual "new version" was 3.6.5, as mentioned a few posts above. You got that for free...

I'm glad someone is is actually working on this stuff for me, and I'm willing to pay then to continue to do so.

[opq]

Quote:

Originally Posted by knucklehead

There could be a good argument made that the actual "new version" was 3.6.5, as mentioned a few posts above. You got that for free...

I'm glad someone is is actually working on this stuff for me, and I'm willing to pay then to continue to do so.

Did I? According to their blog, that version came out Apr 9th 2012 (http://blog.agilebits.com/2012/04/09...kdf2-goodness/), I purchased the app mid June 2012 for $11.99. My credit card statement shows I definitely didn't get it for free :\

[knucklehead]

Quote:

Originally Posted by opq

Did I? According to their blog, that version came out Apr 9th 2012 (http://blog.agilebits.com/2012/04/09...kdf2-goodness/), I purchased the app mid June 2012 for $11.99. My credit card statement shows I definitely didn't get it for free :\

It was a free upgrade ...

Hey - I've been a long time user of this app, and have griped a bit about the cost at times too ... (not really sure what I've spent total on all this)

Thing is, they need to get continuing revenue somehow to keep developing the program, and they have only so many options to do so selling though Apple. You just hopped on the train at an unfortunate time for the short term cost.

There are other options for password managers. AgileBits hasn't driven me away yet with the overall longterm cost/benefit ratio --- but let me know if you find a better option --- I'm open

[opq]

Quote:

Originally Posted by knucklehead

It was a free upgrade ...

Hey - I've been a long time user of this app, and have griped a bit about the cost at times too ... (not really sure what I've spent total on all this)

Thing is, they need to get continuing revenue somehow to keep developing the program, and they have only so many options to do so selling though Apple. You just hopped on the train at an unfortunate time for the short term cost.

There are other options for password managers. AgileBits hasn't driven me away yet with the overall longterm cost/benefit ratio --- but let me know if you find a better option --- I'm open

For people who bought in before the 'free upgrade' then yes. I was trying to put a spin on the fact that I didn't buy before that 'free upgrade' so I didn't get the said free upgrade.

[m00min]

Urgh! I haven't actually used the app yet but I wanted to take advantage of the upgrade price. I really wish I hadn't. The incorrect system requirements was annoying but I figured I could use v4 on my iPad and stick with v3 on my iPhone.

Guess again. NO WAY AM I SYNCING SENSITIVE DATA VIA A CLOUD! Why is the removal of wifi syncing not made clear on the AppStore info?

Someone's already pointed out the flaw in using a cloud service to sync so I won't repeat it. I take my customers data very seriously so sadly I think I will have to start looking for an alternative password storage system. A shame as I've been using 1Password for years.

For the first time ever I will be looking into applying for a refund from the AppStore.

[obtutus]

Another interesting read:
http://www.informationweek.com/secur...ager/232602738

[Razeus]

Quote:

Originally Posted by Ishimaru

It's really sad that people think $8 is expensive, yet have an iPhone that cost them at least $99 or more. If you were a developer of software, wouldn't you want to get paid for your work? Do you really think selling your app for $.99 is going to pay all your bills? It's dumb that people think everything should be $.99 and everything else is "expensive". Give me a break people. If you can't afford it, you shouldn't be using an iPhone or you should get a better job that pays you more. Hell, you pay $10+ just to go see a movie in the theaters. Let's not think like children who think everything is entitled to them, and think like adults with some common sense.

It's not that it's expensive. It's just that they didn't do anything that makes the app BETTER. UI upgrade is just a facelift. That's all fine and dandy, but the program still performs as it always does. iCloud syncing should be free update, frankly, but I use Dropbox so it's a non issue for me. Favorites? I already have that because I created a folder for these...

If you can sit there and list what version 4 does BETTER than version 3.x.x, then I'm all ears.

I would have LOVED to see tighter integration with the Safari iPhone browser so I don't have to use the built in Agile browser. But they didn't do that, unfortunately. I would have loved to see 256-bit security or stronger security measures. I would have loved for them to NOT have the Agile keychain sitting at the base level of my Dropbox folder and allow me to put it in my "Applications" folder, because this just messes up my OCD folder structure.

Until the Mac version is released, this is a no sale. Even then, if the Mac version is also a facelift (especially for $50), then we have 2 no sales on our hands.

[AGJamie]

Quote:

Originally Posted by Razeus

It's not that it's expensive. It's just that they didn't do anything that makes the app BETTER. UI upgrade is just a facelift. That's all fine and dandy, but the program still performs as it always does. iCloud syncing should be free update, frankly, but I use Dropbox so it's a non issue for me. Favorites? I already have that because I created a folder for these...

If you can sit there and list what version 4 does BETTER than version 3.x.x, then I'm all ears.

Here's a list

Things like having the password generator everywhere you'd need it is a huge improvement. Sync is vastly improved and the brilliant heroics Roustem put into its conception was simply jaw-dropping when I first saw it.

The other thing that's massive for many users is the ability to view items' attachments. Roustem again did some amazing things here to make it possible to decrypt even large attachments without overly taxing the system's resources, i.e. 1Password would crash if it had to load an entire attachment into memory to decrypt it. Roustem made sure that this wasn't required.

Quote:

I would have LOVED to see tighter integration with the Safari iPhone browser so I don't have to use the built in Agile browser. But they didn't do that, unfortunately.

Sadly, this isn't possible. We have some cool ideas for how to expand 1Password's reach in the future, but I have to keep a lid on those for now.

Quote:

I would have loved to see 256-bit security or stronger security measures.

We should be making a bigger deal of this, but we're still working on writing it up. 1Password 4 does indeed use 256-bit keys. While 128-bit keys protected by a strong master password would take trillions of years to brute force attack, we wanted to make it future-proof and now that the iOS hardware supports it without sacrificing performance, we upped the ante.

Also, in the old data format (and the format still used by 1Password on the other platforms right now except the browser extensions; we're working to move this data format ahead to other platforms soon.) some non-critical data was left unencrypted like the title and location. This was a performance compromise that we're eager to leave behind as we move forward.

In addition to this, we've added HMAC authentication for encryption and a unique details key for every entry. This is heady stuff that causes even my head to swim after a while (I'm glad we have people on our team that speak this stuff fluently…), but it's critical to make sure that everything is kosher between 1Password's attempts to access the data from disk. That's new in 1Password 4.

Quote:

I would have loved for them to NOT have the Agile keychain sitting at the base level of my Dropbox folder and allow me to put it in my "Applications" folder, because this just messes up my OCD folder structure.

We tried this initially, using Dropbox's sandboxed applications folder, but some users needed to put the data into a location that they could then share with another Dropbox user. The current default is Dropbox/1Password/1Password.agilekeychain and that seems to have been a good middle ground. Not everyone loves it, but for now, it's the best approach.

Quote:

Until the Mac version is released, this is a no sale. Even then, if the Mac version is also a facelift (especially for $50), then we have 2 no sales on our hands.

If you purchased the Mac version from the Mac App Store, the upgrade will be free for you when 1Password 4 is released. (We don't have a timeframe to share about that right now. We're still handling the surge from the iOS release. ) For those who purchased from our online store directly, the current plan is for it to be a paid upgrade.

I hope this information helps.

--
Jamie Phelps
Code Wrangler @ AgileBits

----------

Quote:

Originally Posted by obtutus

Another interesting read:
http://www.informationweek.com/secur...ager/232602738

I'd like to add that the security improvements I mentioned above should address all of the concerns Elcomsoft raised. This was a very important report and we're grateful to Elcomsoft for their work in making sure that things are the best they can be.

----------

Quote:

Originally Posted by m00min

I figured I could use v4 on my iPad and stick with v3 on my iPhone.

You can still use both versions. Syncing is only via Dropbox for this setup, but it does work.

Quote:

Guess again. NO WAY AM I SYNCING SENSITIVE DATA VIA A CLOUD! Why is the removal of wifi syncing not made clear on the AppStore info?

The vast majority of our users are syncing via Dropbox already. Wi-Fi Sync has been removed from 1Password 4 for iOS because, honestly, it was not a great customer experience. It was difficult to set up, and more so, difficult for many customers to maintain. The app on the Mac and the iOS device would need to be open simultaneously, and it was a very manual process.

Also, if the Wi-Fi network's information changed, sync would break completely. You have no idea how many routers we've asked customers to reboot!

Cloud syncing via iCloud (iOS for now, Mac soon) and Dropbox is effortless and automatic. It provides the best experience for customers because it is consistent, fast, and reliable.

If the cloud is not your cup of tea, we have added iTunes File Sharing. iTunes File Sharing works over USB or iTunes' built-in Wi-Fi Sync for your device. It skips the Internet entirely and connects either directly to your computer, or at most over your local wireless network. You can get started with iTunes File Sharing here.

Quote:

Someone's already pointed out the flaw in using a cloud service to sync so I won't repeat it. I take my customers data very seriously so sadly I think I will have to start looking for an alternative password storage system. A shame as I've been using 1Password for years.

You're very right to be concerned about the security of your data! We're equally concerned to keep your data secure. We've written a dedicated document to describe how [this is secure](http://help.agilebits.com/1Password3..._security.html) but the short version is that your data is encrypted before being sent to the cloud. If you have a strong master password, it would still take an attacker trillions of years to brute force attack your data file even if the cloud storage were somehow breached.

I hope this helps!

--
Jamie Phelps
Code Wrangler @ AgileBits

----------

Quote:

Originally Posted by forza69

I haven't read any post, so I was wondering what the difference between 1Password and 1Password Pro is. Which is better? I currently have 1Password Pro and I'm wondering if I should buy the new version now since its at a discount price.

1Password Pro was 1Password 3's universal app. It has the same features as the standalone iPhone and iPad apps but in one application for a reduced price. 1Password 4 is a whole new app to replace all of the 1Password versions we had before. It's universal for iPhone and iPad interface and only one app. We learned a lot about the confusion the previous approach could cause so we know this is the right move.

You can [read about what's new](http://learn.agilebits.com/1Password...y-upgrade.html) and decide if it's a compelling upgrade for you. If not, you can continue to use 1Password 3 for as long as your device will run it and it'll be available for you to redownload from the App Store's "Purchased" section.

--
Jamie Phelps
Code Wrangler @ AgileBits

[Razeus]

Thank you AGJaime. That was insightful to my concerns. It's nice to have a dev drop in and tell us these things and clear things up. I'm certainty looking forward to read the blog about the upgrade to 256-bit encryption since it's not on your feature list.

edit: oops, I see the 256-bit blurb now.

[AGJamie]

Quote:

Originally Posted by Razeus

Thank you AGJaime. That was insightful to my concerns. It's nice to have a dev drop in and tell us these things and clear things up.

My pleasure! I love talking to our amazing users.

Quote:

I'm certainty looking forward to read the blog about the upgrade to 256-bit encryption since it's not on your feature list.

Our Chief Defender Against the Dark Arts Jeff (Some of you might know him from his amazing and dense blog posts.) is hard at work on documenting the improved security aspects of 1Password 4. I will come back here and share a link when it's ready.

[lhotka]

Quote:

Originally Posted by AGJamie

The vast majority of our users are syncing via Dropbox already. Wi-Fi Sync has been removed from 1Password 4 for iOS because, honestly, it was not a great customer experience. It was difficult to set up, and more so, difficult for many customers to maintain. The app on the Mac and the iOS device would need to be open simultaneously, and it was a very manual process.

Also, if the Wi-Fi network's information changed, sync would break completely. You have no idea how many routers we've asked customers to reboot!

Cloud syncing via iCloud (iOS for now, Mac soon) and Dropbox is effortless and automatic. It provides the best experience for customers because it is consistent, fast, and reliable.

If the cloud is not your cup of tea, we have added iTunes File Sharing. iTunes File Sharing works over USB or iTunes' built-in Wi-Fi Sync for your device. It skips the Internet entirely and connects either directly to your computer, or at most over your local wireless network. You can get started with iTunes File Sharing here.

--
Jamie Phelps
Code Wrangler @ AgileBits

Then the majority of your users are blind to the security risks - and frankly, your attitude makes me question your staff's entire approach to security (though I notice you didn't include secure in the list of dropbox advantages). Oh, and by the way, there's some good evidence that AES-128 is *more* secure than 256: http://www.schneier.com/blog/archive...r_new_aes.html


The threat model here is very real - dropbox has had a number of issues that exposed user data to both internal and external users. All it takes at that point is a single flaw in your encryption scheme to expose an entire password file (and given some of the papers linked to earlier here in the forum, it appears that your system may indeed have some flaws). And password files, while they may be a hard target, have a high value when compromised.


And please, STOP CALLING IT SYNC. The iTunes file transfer is NOT A SYNC. It's a one-way complete database replacement (though from your terrible online help and broken wizard, that's completely unclear). Continuing to do so is false advertising.

If it were a true sync, then it would be a clunky, but potentially usable replacement. Until you have password level, bi-directional syncing (i.e. what wi-fi sync does), it's not an option.

I've watched 1Password go down the tubes over the past few years.

[d21mike]

I decided to go ahead and get the Mac 3.9 Version and wanted to share my results.

I generally do all of this kind of maintenance work on my desktop and not my iOS Device (sitting at my desk most of the day). So instead of waiting for the Mac v4 I went with 3.9 which works well. I entered all of my data and then copied that to the iTunes icon. I then did a Sync with my iPad. I then turned on iPad Sync with iCloud and it then Synced with my iPad Mini and iPhone. I will continue this until the Mac v4 is released.

Very nice product.

[AGJamie]

Quote:

Originally Posted by d21mike

I decided to go ahead and get the Mac 3.9 Version and wanted to share my results.

I generally do all of this kind of maintenance work on my desktop and not my iOS Device (sitting at my desk most of the day). So instead of waiting for the Mac v4 I went with 3.9 which works well. I entered all of my data and then copied that to the iTunes icon. I then did a Sync with my iPad. I then turned on iPad Sync with iCloud and it then Synced with my iPad Mini and iPhone. I will continue this until the Mac v4 is released.

Very nice product.

Thanks for the kind words! I'm glad that's working for you. This will be an effective solution for you I feel, but just keep in mind that moving data via iTunes is a replace operation, so if you make all your changes on the desktop only or vice versa, it will work great.

[AGJamie]

Quote:

Originally Posted by lhotka

Then the majority of your users are blind to the security risks - and frankly, your attitude makes me question your staff's entire approach to security (though I notice you didn't include secure in the list of dropbox advantages).

You're welcome to your opinion on this. If you choose not to sync your data to the cloud, that's fine. We don't force it on anyone, but we want our users to have all the information to make the best decision for them. This is one of the ways that we're different from some of our competitors. The cloud is available but not required.

Quote:

Oh, and by the way, there's some good evidence that AES-128 is *more* secure than 256: http://www.schneier.com/blog/archive...r_new_aes.html

Yes, we're aware of that research, but the debate is still going and as Bruce points out in the post, there are some very specific conditions that have to be met in order for that issue to even arise, and it's not applicable to full AES-256, only 11-round. We're confident in the decision to go to 256-bit keys.

Quote:

The threat model here is very real - dropbox has had a number of issues that exposed user data to both internal and external users. All it takes at that point is a single flaw in your encryption scheme to expose an entire password file (and given some of the papers linked to earlier here in the forum, it appears that your system may indeed have some flaws). And password files, while they may be a hard target, have a high value when compromised.

We're aware of those security concerns with cloud storage of course. Your scenario involves a lot of steps from data file in the cloud to a hard target being cracked. As we discuss in our design document, we make sure that we don't write any actual crypto code. We only use what's been widely tested by the smartest crypto people on the planet. If there's a problem with the crypto we use for 1Password data, then anyone that uses Apple operating systems has much bigger things to worry about.

The flaw you mentioned before only applied to the SQLite format that 1Password 3 for iOS was using to store the data locally on the device. The Agile Keychain format has never been vulnerable to those same issues to my knowledge and when those issues that Elcomsoft raised were brought to our attention, we acted quickly to fix them and we were open and honest in our response to the paper and communicating with our users.

Quote:

And please, STOP CALLING IT SYNC. The iTunes file transfer is NOT A SYNC. It's a one-way complete database replacement (though from your terrible online help and broken wizard, that's completely unclear). Continuing to do so is false advertising.

If it were a true sync, then it would be a clunky, but potentially usable replacement. Until you have password level, bi-directional syncing (i.e. what wi-fi sync does), it's not an option.

No one's called this a sync. It's iTunes File Sharing. iTunes can perform the syncing of the documents that are shared over USB or Wi-Fi. I'm sorry that language wasn't clearer. No, this is not a sync. But it is a way to move data from the desktop to the iOS application without using cloud syncing. It takes a little more thought to do so, but so did Wi-Fi syncing because you had to remember to launch both apps when you were on a network that would allow the Bonjour network connection.

Quote:

I've watched 1Password go down the tubes over the past few years.

I'm sorry you feel that way. If you'd like to share more about what you think could be improved, we'd welcome you to email our support team with your feedback at support@agilebits.com

[Razeus]

Quote:

Originally Posted by lhotka

Then the majority of your users are blind to the security risks - and frankly, your attitude makes me question your staff's entire approach to security (though I notice you didn't include secure in the list of dropbox advantages). Oh, and by the way, there's some good evidence that AES-128 is *more* secure than 256: http://www.schneier.com/blog/archive...r_new_aes.html


The threat model here is very real - dropbox has had a number of issues that exposed user data to both internal and external users. All it takes at that point is a single flaw in your encryption scheme to expose an entire password file (and given some of the papers linked to earlier here in the forum, it appears that your system may indeed have some flaws). And password files, while they may be a hard target, have a high value when compromised.


And please, STOP CALLING IT SYNC. The iTunes file transfer is NOT A SYNC. It's a one-way complete database replacement (though from your terrible online help and broken wizard, that's completely unclear). Continuing to do so is false advertising.

If it were a true sync, then it would be a clunky, but potentially usable replacement. Until you have password level, bi-directional syncing (i.e. what wi-fi sync does), it's not an option.

I've watched 1Password go down the tubes over the past few years.

HAS HAD are the key words. So you think Dropbox is no longer trying to improve their security features as time goes on? Just ask Microsoft, NOT every security hole will be solved at launched but gets solved as things come up. That's the way it is. Dropbox is probably the best in terms of security, speed, features, pricing, space, performance and apps. Remove your tin foil hat.

[d21mike]

Quote:

Originally Posted by AGJamie

Thanks for the kind words! I'm glad that's working for you. This will be an effective solution for you I feel, but just keep in mind that moving data via iTunes is a replace operation, so if you make all your changes on the desktop only or vice versa, it will work great.

Understand, and that is not a problem for me. I did get Dropbox as a temporary solution for syncing between my desktop and my laptop. I plan to drop that when v4 comes out. I know I could put dropbox on my iOS Devices but just prefer not to do that just for this. I may reconsider later.

By the way, you may want to consider Sync over regular file sharing (APF, SMB/CIFS, WebDav) for those that do not want or are restricted from using the "cloud" and since you no longer supporting Wifi. Not an issue for me but just thought I would mention it. My office uses a VPN for all of our business files so I have access to saving my stuff there if I wanted too. Of course easy to do this on the Mac and Windows but not sure about iOS. However there are a number of iOS Apps that support this so maybe not that hard to do. Examples are iFiles, DS File, FileBrowser etc.

Anyway, I have wanting to do this for some time and with your v4 I finally decided that now was the time. Glad I did, this is much better then my old way of using a Secure ZIP File .

[dinggus]

I always have issues with 1Password. It never updates just the website login information for when I have to change my password and then I have a few logins to try.

Also, is it normal to have multiple keychain files saved in DropBox for backups?

[AGJamie]

Quote:

Originally Posted by dinggus

I always have issues with 1Password. It never updates just the website login information for when I have to change my password and then I have a few logins to try.

Yes, password changes are one of the areas where our browser extension is seriously lacking right now. Right now, the best thing to do is copy the password and update it in the existing login manually rather than saving a new login for the page. This is one of the things we hope to turn our attention to in the new year, a revamped browser extension that handles this and several other things better.

Quote:

Also, is it normal to have multiple keychain files saved in DropBox for backups?

Are they all .agilekeychain files or are they zipped up? Double check your Backups location if you're on 1Password 3.8 on your Mac to make sure it's not pointed at your Dropbox folder. If you still have trouble, please email us with more details and a diagnostics report and we'll investigate further.

--
Jamie Phelps
Code Wrangler @ AgileBits

[dinggus]

Quote:

Originally Posted by AGJamie

Yes, password changes are one of the areas where our browser extension is seriously lacking right now. Right now, the best thing to do is copy the password and update it in the existing login manually rather than saving a new login for the page. This is one of the things we hope to turn our attention to in the new year, a revamped browser extension that handles this and several other things better.



Are they all .agilekeychain files or are they zipped up? Double check your Backups location if you're on 1Password 3.8 on your Mac to make sure it's not pointed at your Dropbox folder. If you still have trouble, please email us with more details and a diagnostics report and we'll investigate further.

--
Jamie Phelps
Code Wrangler @ AgileBits

Okay, thank you for that info. Below is the SS of my drop box.



I'd love to start using this again because juggling my passwords and my work is having me start remembering passwords is getting exhausting.

[whynot83706]

So if i buy new version for iOS, version 4. Will I be able to sync version 4 with my Mac which has Version 3?

[AGJamie]

Quote:

Originally Posted by dinggus

Okay, thank you for that info. Below is the SS of my drop box.

Image

I'd love to start using this again because juggling my passwords and my work is having me start remembering passwords is getting exhausting.

Yes, it looks like your backup location is set to Dropbox. I assume you're on 1Password 3.8 (1Password > About 1Password to check), in which case go to 1Password > Preferences > Backup and set it to the default location of ~/Library/Application Support/1Password/Backup If that doesn't help, delete the com.agilebits.1Password plist files from ~/Library/Preferences and restart your Mac and that should reset the location.

I hope that helps. If not, please do email us and we'll dig in further.

--
Jamie Phelps
Code Wrangler @ AgileBits

----------

Quote:

Originally Posted by whynot83706

So if i buy new version for iOS, version 4. Will I be able to sync version 4 with my Mac which has Version 3?

Yes, 1Password 4 syncs via Dropbox to any other 1Password version that supports Dropbox syncing. 1Password 4 for Mac will have iCloud support as well.

--
Jamie Phelps
Code Wrangler @ AgileBits

[lhotka]

Quote:

Originally Posted by AGJamie

You're welcome to your opinion on this. If you choose not to sync your data to the cloud, that's fine. We don't force it on anyone, but we want our users to have all the information to make the best decision for them. This is one of the ways that we're different from some of our competitors. The cloud is available but not required.



Yes, we're aware of that research, but the debate is still going and as Bruce points out in the post, there are some very specific conditions that have to be met in order for that issue to even arise, and it's not applicable to full AES-256, only 11-round. We're confident in the decision to go to 256-bit keys.



We're aware of those security concerns with cloud storage of course. Your scenario involves a lot of steps from data file in the cloud to a hard target being cracked. As we discuss in our design document, we make sure that we don't write any actual crypto code. We only use what's been widely tested by the smartest crypto people on the planet. If there's a problem with the crypto we use for 1Password data, then anyone that uses Apple operating systems has much bigger things to worry about.

The flaw you mentioned before only applied to the SQLite format that 1Password 3 for iOS was using to store the data locally on the device. The Agile Keychain format has never been vulnerable to those same issues to my knowledge and when those issues that Elcomsoft raised were brought to our attention, we acted quickly to fix them and we were open and honest in our response to the paper and communicating with our users.



No one's called this a sync. It's iTunes File Sharing. iTunes can perform the syncing of the documents that are shared over USB or Wi-Fi. I'm sorry that language wasn't clearer. No, this is not a sync. But it is a way to move data from the desktop to the iOS application without using cloud syncing. It takes a little more thought to do so, but so did Wi-Fi syncing because you had to remember to launch both apps when you were on a network that would allow the Bonjour network connection.



I'm sorry you feel that way. If you'd like to share more about what you think could be improved, we'd welcome you to email our support team with your feedback at support@agilebits.com

Go look at your web page - it's under Data Sync. Go look at the app - it's under Syncing.

Use the app - click 'previous user' then click 'itunes' and see what happens, then tell me again that you've provided adequate information about how to set it up, and the limitations involved.

Your support team has been brushing off cloud sync concerns for years. It's a significant risk (and for those who think I'm wearing a tinfoil hat, go read your TOS and point out where you have a remedy when your data is exposed - even their own attorneys know the risks).