Understanding Encryption in Sync

I found the latest “tips and tricks” item interesting - “Understanding Encryption in Sync” - that tells you how to view your sync password using Keychain Access.

I didn’t know that my sync password is only as strong as my Mac login password.

I suppose this sync password has to be kept in Keychain Access, since there is no securer way of representing it?

That is an incorrect characterization. The encryption key’s strength has nothing to do with the strength of your administrative password. By the sound of it, you have little faith in your admin password.
Also, all the credentials in Keychain Access are accessible in the same way, not just an encryption key, so you should question those as well.

And the option was mentioned in the blog post as we often have people who claim they don’t have an encryption key, or have forgotten it.

PS: It’s not a sync password. It’s an encryption key.

1 Like

In addition to @BLUEFROG response, the sync encryption key is attached to the sync database which is on a different device and is a barrier to entry to the sync files, e.g. protection against “intruders” directly to that device remote and probably independent from your Mac.

Should that same or other “intruder” get access to your mac (keyboard physical access or via the network), the equivalent barrier is the password for any user. If they get in to your machine, they can then run Keychain with the permissions of the user they “hacked” and see and get any encryption key stored there. They can also get all the other ID’s and passwords stored for other services and devices used by the "hacked’ id.

That’s another way of explaining the idea why “my sync password is only as strong as my Mac login password.” They are not the same, but the Mac login password protects the encryption key.


No it isn’t. It should be obvious that I meant: if one knows the latter, then one knows the former, completely regardless of the relative strength or entropy of the strings involved.

For website logins and all kinds of online services, I allow 1Password to generate passwords that are very long and comprised of all sorts of kinds of characters. These are quite impossible to memorise, and unless and until quantum computers become used practically, these passwords have so much entropy that they’re virtually immune to cracking.

For the 1Password master key (which I have to memorise) I use an extremely long and complex string that I never write down, type or store anywhere else, and which I have memorised by my own mnemonic method. I’ve used it for so long now that my brain has developed a motor program (‘muscle memory’) for it, so that I find my hands can type it faster than my brain can recall it in other ways. I’ll call this my “complex” password.

This is fine for 1Password, as the frequency with which I need to use it is low enough to justify the “long” time (a good few seconds) taken to type it. A similar “complex” password which I also memorise using my mnemonic is also good for the DT3 sync store, since I hardly ever have to enter that.

But the frequency of needing to enter a login password for my Mac is much, much higher; thus I have been using a string that has much less entropy: in other words, a less secure password. Call this my “simpler” password.

I had ‘faith’ in my simpler password to stop the casual physical snooper.

However now I see that the complex password is practically (if not actually) as secure as the simpler password in the keychain.

@rmschne: yes, of course I am thinking of physical access to my Mac.

I see that the only way to better secure the sync store is to use another complex ‘meatware’ password for my Mac login. This may be even more necessary now that access to one’s Apple ID on the web is often by way of the computer account login password.

*Password, encryption key, same difference, Most of the time we’re just talking about a string that has as much entropy as is practical for the frequency that one is required to use it. I could make the sync store string even longer and keep it in 1Password, but even then it would still be “reliant” on the Mac login password string. But really there’s little point in quibbling about labels.

It’s not necessary, it’s basically only for those who forget the entered key.

Interesting. Removing the sync password from the keychain would obviate my need to use one of my “complex” passwords for my Mac login.

If I wished to remove the sync password from the keychain, how would I go about doing so? And what would be the practical implications of doing so (in terms of using my DT3 Dropbox sync, etc)?

Just remove the encryption keys from the keychain, this shouldn’t have any impact. BTW: Do you use only encrypted databases? Otherwise you would still need a complex password for the login.

No impact? OK. That’s great. I thought maybe I’d end up having to enter the password very frequently.

Some of my databases are encrypted, some are not. The ones that are encrypted are encrypted to protect access to them on the physical computer. But the ones that aren’t, though not protected on the physical computer, are protected in transit to, from and at rest on Dropbox’s servers, I take it.