[Disclosure: I work for AgileBits, the makers of 1Password] On 2015-06-16, at 10:53 AM, John R. Levine <jo...@iecc.com> wrote:
> Are there any password managers that let the user specify where to store a > remote copy of the passwords (FTP server, scp, Dropbox, whatever) while > keeping > the crypto and the master password on the end devices? With 1Password the answer is technically “yes”, but in practice it is more of “sort of”. If you are just using 1Password on desktop machines, then you can sync however you wish using anything that will look like a filesystem. But when you need to sync with 1Password on mobile devices the choices are reduced because 1Password doesn’t get to see a normal filesystem. For “cloud” based synching, there is Dropbox and iCloud on iOS and Dropbox on Android. However, there is a local “wifi sync” mechanism that lets you sync between desktop and mobile over a local wifi network. > Seems to me that would limit the cloudy trust problem while still addresssing > the very real problem of a zillion accounts used from multiple devices. Genuine efficient and reliable sync is hard. We’ve worked so that as much sync and conflict resolution can happen on fully encrypted data so that the slow part can be done even when 1Password is locked. But some conflict resolution has to wait until the user unlocks one password. At any rate, we never have any of your data in any form whatsoever. Our goal as been “we can’t lose, use, or abuse” data that we don’t have. However to make synching work smoothly, we do end up strongly encouraging the use of Dropbox, but at the same time we’ve designed 1Password with the expectation that attacks will capture your encrypted data one way or the other, and that sync services (and your own hard drives) can be compromised. I should point out that while we get some very nice security properties by not being a service you log into (your master password is only ever used for encryption), it does mean that we can’t offer some of the flexibility that something like LastPass can. Cheers, -j _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography