1Password agilekeychain encryption using Espionage

Started by Jezza, November 19, 2011, 04:21:56 AM

Previous topic - Next topic

Jezza

I use 1Password and like it a lot..
However, its encryption level is not good enough for my taste: I use it to protect my sensitive login data and in the event that somebody gets hold of the agilekeychain that it uses, there are too many bits of information that are stored in plain text in my opinion.

This is something that the guys from 1Password are working on apparently, but in the mean time, thiefs of my HDD or computer or trojan horses harvesting 1Password files or dropbox hackers could fairly easily see all my login URLs (amazon, name of bank, etc.) as well as the password strength.

This was actually highlighted by the 1Password guys themselves in this post - http://blog.agilebits.com/2011/11/defen ... arvesters/

My basic strategy to protect any sensitive info (emails, sensitive folders like financial stuff) leans towards using Espionage on a selective basis (include all sensitive stuff): as a result: it is encrypted on my internal HDD and anywhere else it gets replicated to (external HDD, cloud, etc.).

Based on the above, I am thinking that encrypting the 1Password folder containing its own keychain (agilekeychain - I do not use the Mac login keychain) might be a solution. Has anybody tried this option? I can only see a few old references to 1Password in the forum and there is no application template for 1Password.
Are there any issues? - especially if using the browser extension, which accesses the same file? (ie would I need to associate the browser application to the folder too? - I'm using Chrome)

Thanks,
Jezza

greg

#1
I have not personally tried this but if you decide to do it my advice would be to please make sure to keep backups of everything and make sure that the folder is set to autounlock at login and leave it unlocked while you're logged in.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!