Security and Design Overview

The goals and design of 1Password’s security

What kind of encryption does 1Password use?

The short answer

The short answer is that 1Password uses the best available encryption from well-trusted and scrutinized cryptographic libraries. It is designed in accordance with the recommendations of the cryptographic research community.

It is designed so that if anyone (including us) were to get hold of your 1Password data, there is no feasible way for them to decrypt your secrets without knowing your Master Password. We’ve even designed 1Password to make things extra difficult for systems that might try guessing your Master Password.

The buzzword compliant answer

1Password 4’s Cloud Keychain format uses Encrypt-then-MAC for authenticated encryption, with AES-CBC-256 for encryption and HMAC-SHA256 for message authentication. Key derivation uses PBKDF2-HMAC-SHA512. On Mac and iOS, 1Password uses SecRandomCopyBytes() from Apple’s Security framework.
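The construction named above, as an added Node.js example (not 1Password's code and not the Cloud Keychain file layout): keys come from PBKDF2-HMAC-SHA512, data is encrypted with AES-256-CBC, and an HMAC-SHA256 tag over the IV and ciphertext is verified before any decryption is attempted. The iteration count, salt size, the 32/32-byte key split and the function names are assumptions made for this example.

```javascript
// Added illustration; not 1Password's code and not the Cloud Keychain layout.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // assumed work factor for this example

// PBKDF2-HMAC-SHA512 yields 64 bytes here; the split into an AES-256 key
// and a separate HMAC key is an assumption of this example.
function deriveKeys(password, salt) {
  const okm = nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 64, 'sha512');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// HMAC-SHA256 over IV || ciphertext, so neither can be altered unnoticed.
function computeTag(macKey, iv, ct) {
  return nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

// Encrypt-then-MAC: encrypt first, then authenticate what was produced.
function seal(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(16); // fresh random IV per message
  const { encKey, macKey } = deriveKeys(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, ct, tag: computeTag(macKey, iv, ct) };
}

// Verify the tag in constant time before touching the ciphertext.
// Returns null on any mismatch, so a wrong password and a modified
// ciphertext look the same and no CBC padding error is ever exposed.
function unseal(password, { salt, iv, ct, tag }) {
  const { encKey, macKey } = deriveKeys(password, salt);
  const expected = computeTag(macKey, iv, ct);
  if (tag.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(tag, expected)) {
    return null;
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}
```

Because the tag is checked first, a tampered record is rejected without the CBC decryption and padding check ever running on attacker-controlled bytes.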

The gory details

You can find the full description of all of the encryption used, and the rationale for that design, in our Cloud Keychain design document. We are proud to make our data design details public and open to expert scrutiny.

Copyright © 2014 AgileBits Inc.