The great folks over at AgileBits are updating 1Password with support for Intel’s SGX Secure Enclave technology.
You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.
Each item key’s encrypted with the master key And the master key’s encrypted with the derived key And the derived key comes from the MP Oh hear the word of the XOR Them keys, them keys, them random keys (3x) Oh hear the word of the XOR
And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.
Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.
Having AgileBitskeep up to date on the latest security technologies is one of many reasons I use 1Password to store anything I need kept secure. If you aren’t already using a password manager, I can’t recommend 1Password enough.