Topics

I use 1Password and like it a lot..
However, its encryption level is not good enough for my taste: I use it to protect my sensitive login data and in the event that somebody gets hold of the agilekeychain that it uses, there are too many bits of information that are stored in plain text in my opinion.

This is something that the guys from 1Password are working on apparently, but in the mean time, thiefs of my HDD or computer or trojan horses harvesting 1Password files or dropbox hackers could fairly easily see all my login URLs (amazon, name of bank, etc.) as well as the password strength.

This was actually highlighted by the 1Password guys themselves in this post - http://blog.agilebits.com/2011/11/defen ... arvesters/

My basic strategy to protect any sensitive info (emails, sensitive folders like financial stuff) leans towards using Espionage on a selective basis (include all sensitive stuff): as a result: it is encrypted on my internal HDD and anywhere else it gets replicated to (external HDD, cloud, etc.).

Based on the above, I am thinking that encrypting the 1Password folder containing its own keychain (agilekeychain - I do not use the Mac login keychain) might be a solution. Has anybody tried this option? I can only see a few old references to 1Password in the forum and there is no application template for 1Password.
Are there any issues? - especially if using the browser extension, which accesses the same file? (ie would I need to associate the browser application to the folder too? - I'm using Chrome)

Thanks,
Jezza

I was not able to find any explanations as to what exactly the Path Finder option in the Preferences does?

The help file does not mention it and all I could find on the site was:

"Path Finder Support!

Path Finder users rejoice! Espionage now has a checkbox for you in its general preferences. Just enable the Path Finder compatibility mode, and Espionage will work seamlessly with your favorite file manager."

I use Path Finder as my default file browser and had Espionage running without the option ticked at first with seemingly no issues (I have only started trialling it). Checking it does not seem to give any differences?

Thanks,
Jez

I am just trialling Espionage and so far, it looks promising.

But I have the following questions / required clarifications after having looked up a few forum posts. Basically my aim is that specific data on my hard drive (and then copied onto a backup location - external HDD or offline/cloud storage) is unaccessible to anybody else than me.

If I understand correctly, encrypted folders use the standard/native  Mac OS encryption with sparse images/bundles "wrapped in a clever way" that allows Espionage to do its magic such as application data locking, auto-unlock, white-listing, etc.

1- I read on the forum that this means data on the hard drive is always encrypted (it only gets mounted as a volume and decrypted on the fly and stored in RAM when unlocked - but the actual HDD data is unlocked). Is this correct?

2- Does that mean that if I have many large encrypted folders - all unlocked, this will greatly increase RAM usage (to hold all this decrypted data)?

3- I understand that there are lots of requests for timed or screensaver/sleep-triggered auto-locks (many messages from 2010 in forum) but this does not seem to have been implemented (yet?) as I could not see any mention of it in the app or help file. I understand the complexities of it (if a document from an encrypted folder is open, etc.) and the usual answer seems to be "to enable the sleep/screensaver password in the Security System Preferences" (which I already do). I completely understand the rationale behind this: if a thief resets my user password to be able to login (will need to log off/restart) or access the HDD from another machine, they wont be able to access my RAM, which is where the decrypted information resides.
However my question is with regards to the sleepimage file, which - as I understand - contains a dump of the RAM to disk. Does this mean that the Espionage-protected data (all unlocked folders) will implicitly be dumped in its RAM-DEcrypted state to disk as part of the overall RAM dump/copy?

4- If the above is true. Is it sufficient to set the Security System Preference "Use Secure Virtual Memory" to true to be protected (i.e. the unlocked Espionage folders will be dumped in their decrypted state as part of the overall RAM, which is in turn fully encrypted somehow by Mac OS)?

5- In terms of backup, there should not be any of the problems above: if I keep to the recommendation of either using the built-in backups or ensure that the folders are locked when running the backup, only the encrypted data should be copied?

Thanks in advance (and sorry for the long message!)

Jezza