Hacker News
by jpgoldberg 4855 days ago
[Disclosure: I work for AgileBits, the makers of 1Password]

It's true that in the Agile Keychain Format, item title and URL are not encrypted, but it is a mistake to think that only passwords are encrypted. That's not how it works.

The details of exactly what is and what isn't encrypted in the Agile Keychain Format are documented in the first link in the article (and have been since the day the Agile Keychain Format was introduced). The rationale for that design choice was spelled out later in http://help.agilebits.com/1Password3/cloud_storage_security....

among other places.

Attachments are encrypted. Other than some metadata (modify times and the like), the only things that aren't encrypted are the Location (URL) and the Title. Earlier versions of the Agile Keychain format also left password strength unencrypted, but that was changed (and announced) years ago.

And as we've promised, we are moving to a new format that encrypts everything (except some things such as modify time). The 1Password Cloud Keychain format is documented here:

http://learn.agilebits.com/1Password4/Security/keychain-desi...

When we first promised this, we weren't sure how we would achieve the three goals of having:

(1) Everything encrypted.
(2) Only decrypting a single item at a time.
(3) Efficient listing and matching of items to websites.

To understand how we've managed to achieve all three, you need to take a look at the details of the Cloud Keychain Format.

Currently, the Cloud Keychain Format is only used for syncing data between 1Password 4 on iOS devices. But it will eventually replace the Agile Keychain Format everywhere.

Cheers,

-j

1 comment

Apologies for my inaccuracy.
No worries. You aren't the only person to have been confused by this.