Archive for September 8, 2013

Sunday, September 8, 2013

1Password and the Crypto Wars


It is impossible to absolutely prove that our answers to the easy questions above are truthful. But what I can do is provide a number of more verifiable claims, each of which makes it harder for us to lie about any of this. In combination, these should be enough to persuade you that there is no backdoor (deliberate weakness) in 1Password and that it would be very unlikely for one to be introduced.

One idea that’s not addressed is whether there could be a backdoor in the AES library that they’re using. Actually, what I found most interesting about this post was that they publish the full details of the 1Password 3 Agile Keychain and 1Password 4 Cloud Keychain file formats:

The Agile Keychain format used a separate file for each item in the user’s keychain. Experience has taught us that not only that having each item in its own file creates difficulties for some filesystems, but that it also brings a penalty with data syncing as well. There is an overhead for synching each individual file irrespective of its size. Having hundreds or thousands of small files led to inefficient syncing in some cases. On the other hand, we don’t want a single monolithic file, which would introduce its own problems for synchronizing 1Password data across systems.

We combine items into 16 bands depending on the the item’s unique identifier (UUID). For example, all items that have a UUID beginning with “C” will be listed in the file band_C.js. Band files range from band_0.js to band_F.j. If there are no items in a particular band, there will be no band file for it.

Requirements for a True Mac Keyboard

Peter Hosey:

All too many Mac versions of Windows keyboards have all three modifiers the same size, as the original Windows models do, and some even still have four keys in the lower-right corner (with the fn key in the place of the right-click key).


If you have a fn key, fn-return should be Enter, exactly as on Apple’s laptops. I don’t care about this for extended keyboards, but for a compact keyboard, it’s a requirement, and if you have an fn key anyway, better to support it than not. If nothing else, it’s an affordance to heavy laptop users, who’ll be used to fn-return as a habit.

Virtualize Like a Maverick

Matthew Guay:

Parallels has released an annual upgrade ever year since it was released, but VMware tended more towards the 2 year mark between major releases. Now, though, both companies are releasing new versions in lockstep with new versions of OS X, and if you are serious about running Linux or Windows on your Mac, you’ll be upgrading both OS X and your virtualization tool of choice each year. And this year, you’ve got more choices than ever as both apps are trying harder to appeal to casual users and the more advanced needs of IT teams.

He says that the previous versions work fine with Mavericks, however.