History of OS X Keychain Integration in 1Password
Since the very beginning, 1Password has proudly used the Mac OS X Keychain Services to store all of its information. Written by Apple, this service is a fantastic component of OS X and a shining example of why developing for the Mac is better than for any other platform. After years of use, we learned a lot about the nuances of the Mac OS X keychain and how users benefited from it, as well as where things could be improved.
This document describes the reasons 1Password originally used the Mac OS X keychain and why a transition to the Agile Keychain was needed.
Why Did 1Password Originally Use the Mac OS X Keychain?
The Mac OS X keychain has many benefits that made it a natural choice:
- It is shipped on every Mac and used by millions of people, making it robust and well tested.
- It is open source, helping to ensure its encryption algorithms are well designed and free of errors.
- By using the Mac OS X keychain, 1Password did not need to include a single line of encryption code.
- The Mac OS X keychain is supported by Apple, helping to ensure it will be around for many years to come.
- Additional security measures like automatic locking are built in.
- Locking is handled by a central process, meaning unlocking the keychain in one application will automatically unlock it for all other applications.
- MobileMe syncing is built into the Mac OS X keychain.
How Can the Agile Keychain Be Even Better?
As 1Password matured and became more mainstream, many users started requesting features that were not possible with the Mac OS X keychain. While the benefits of the Mac OS X keychain were many, they were beginning to be outweighed by the following drawbacks:
- Synchronization of data without using MobileMe is not realistic because of the single-file format used by the Mac OS X keychain.
- Syncing with the iPhone or iPod touch is not supported.
- The Mac OS X keychain is by definition for OS X only, making cross-platform support difficult. We looked at migrating the Mac OS X keychain code to other environments, but it was not a simple task and the reward was questionable.
- Many users, especially those new to the platform, have never heard of the Mac OS X keychain. These users are often confused by the prompts the Mac OS X keychain presents. Even worse, having never used the Keychain Access application, these users have difficulty performing common tasks like changing their password, adjusting automatic lock settings, and configuring sync options.
- The Mac OS X keychain uses Triple DES as its encryption algorithm which is quite secure, but is growing older and has been superseded by newer encryption algorithms with longer key lengths. The US government has deprecated the use of Triple DES and has set AES as its new standard.
- The Mac OS X keychain’s automatic lock function is based on usage of the keychain itself, not your activity, such as typing and mouse usage. Many users wanted the automatic lock feature to be based on their use of the computer, not the length of time between keychain uses.
- As the Mac OS X keychain size grows, its performance deteriorates significantly. The main cause of this is how updates are handled. When updating any data, a separate temporary file is created with a full copy of the original keychain, and that file is then copied back over the original. As the file size increases, copying the full contents of the keychain on every update becomes very slow.
- MobileMe syncing of keychains is often unreliable, causing duplicate items to be created, items deleted for no apparent reason, and the creation of corrupt entries that cannot be accessed. Since 1Password does not contain any encryption or synchronization code, it is impossible to fix these issues directly.
Decision to Develop the Agile Keychain
The Mac OS X keychain has served 1Password very well over the years. With the introduction of the iPhone SDK and the many great ideas for improvement from our users, the drawbacks associated with the Mac OS X keychain have started to outweigh the benefits. In fact, while investigating alternatives we realized that the main benefits of the Mac OS X keychain could all be achieved in other ways while learning from its existing limitations and avoiding them.
In the end, probably the greatest motivation to make a change was syncing. When Leopard and MobileMe were released, the reliability of the Mac OS X keychain syncing became spotty at best. Given that syncing is one of the most important things for a password manager, it is unacceptable to have any unreliability in this area. In fact, about a third of our customer support inquiries are related to syncing issues in one way or another.
1Password therefore now uses the Agile Keychain format to address these issues while building on the tenets of the Mac OS X keychain. If you’d like more information on the architecture and design of the Agile Keychain, please refer to the Agile Keychain Design document.