Yojimbo for iPad sync exposes passwords on my mac - any ideas?


skkippy

Apr 9, 2011, 9:48:32 AM
to Yojimbo Talk
Here's my problem - I have encrypted items in Yojimbo that I want to
keep very private. I've been able to keep these items in sync between
Macs without revealing my Yojimbo password.

But Yojimbo for iPad pairing requires that I put my Mac Yojimbo
password in a keychain. This exposes the Yojimbo password, and hence
the encrypted items, to anybody who can access the keychains. To me,
this makes encrypting Yojimbo items pointless - they become no more
secure than unencrypted items. Both are accessible to anybody who can
login to the account.

I've thought of 1Password and disk encryption as alternatives. Has
anybody got a work-around that still uses Yojimbo but avoids this
exposure? Or maybe I'm missing something?

toad...@mac.com

Apr 9, 2011, 2:46:45 PM
to yojimb...@googlegroups.com
On Apr 9, 2011, at 6:48 AM, skkippy <mrtn...@gmail.com> wrote:

> To me, this makes encrypting Yojimbo items pointless - they become no more secure than unencrypted items. Both are accessible to anybody who can
> login to the account.

Maybe other users should have their own accounts on the Mac so you can keep your keychain private?

Another option is to set the keychain to not unlock at login. Or, simply create a second keychain for your private info. I believe you can have as many keychains as you like, and one can be optionally set to automatically unlock at login.

See Keychain Access in your Utilities folder to play with these options.

-Dennis

Charlie Garrison

Apr 9, 2011, 6:50:26 PM
to yojimb...@googlegroups.com
Good morning,

On 9/04/11 at 11:46 AM -0700, toad...@mac.com wrote:

>Another option is to set the keychain to not unlock at login.
>Or, simply create a second keychain for your private info. I
>believe you can have as many keychains as you like, and one can
>be optionally set to automatically unlock at login.

In addition, just because the keychain is unlocked does not mean
the password is visible. The keychain password still has to be
entered before Keychain Access will display the password (unless
you gave Keychain Access permission to *always* decrypt that item).

I agree with Dennis, just think a bit more about how you can get
keychains working the way you want; that will be much simpler
than introducing a different keychain manager.


Charlie

--
Ꮚ Charlie Garrison ♊ <garr...@zeta.org.au>

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
http://www.ietf.org/rfc/rfc1855.txt

Chris H.

Apr 10, 2011, 3:00:17 PM
to Yojimbo Talk
I understand your frustration, as I've also had concerns about the
security of Yojimbo in the past.

I have previously contacted BareBones, suggesting that the Yojimbo app
have some kind of additional security, and ideally a feature where
password-protected items in Yojimbo would close/lock themselves after
a user-specified amount of time. (Protecting you from situations,
where you left an encrypted document open in Yojimbo.)

BareBones' answer was that the tools needed are all provided by Apple
themselves in the keychain and they therefore were not interested in
doing anything else with Yojimbo security. Personally, I think
locking your main keychain is a pain in the butt and not practical
(especially Safari whines for access to the keychain constantly --
even when not viewing encrypted pages).

This is one of several reasons that I'm moving to other solutions for
much of my information storage. (One of the others being the iphone
issue) I am storing more than ever in 1Password (more than just
passwords -- private notes, too) and Evernote. I feel 1Password has
superb security, and that Evernote security is satisfactory (but
definitely needs improvement -- especially the iphone app).

Unfortunately, I don't have a clear solution for you. But adopting
1Password may be the answer. It's a great utility, that I rely on
daily, and I don't think it's ever let me down in the several years
I've been using it. And in conjunction with DropBox sync, it is the
ultimate password storage tool.

Chris

Neil Faiman

Apr 10, 2011, 4:40:34 PM
to yojimb...@googlegroups.com, Chris H.
On Apr 10, 2011, at 3:00 PM, Chris H. wrote:

> BareBones' answer was that the tools needed are all provided by Apple
> themselves in the keychain and they therefore were not interested in
> doing anything else with Yojimbo security. Personally, I think
> locking your main keychain is a pain in the butt and not practical
> (especially Safari whines for access to the keychain constantly --
> even when not viewing encrypted pages).

I think that you might find it helpful to explore the features of the OS X keychain more thoroughly.

It is quite simple to create a new keychain, independent of your login keychain, with any enhanced security features you like. (For example: has its own password, distinct from your login password; is not opened automatically at login; closes itself automatically after five minutes.)

Then simply move your Yojimbo password entry from the default keychain to your new high-security keychain. (How? Literally drag the entry from one keychain to the other.)

Now, when you access any locked item in Yojimbo, Yojimbo will have to get the password from the high-security keychain, which will be locked, so you will have to type in your special high-security password.

Meanwhile, all of your other passwords will remain in the default keychain, with the default security -- i.e., no whining from Safari.

Regards,

Neil Faiman

Charlie Garrison

Apr 10, 2011, 6:00:32 PM
to yojimb...@googlegroups.com
Good morning,

On 10/04/11 at 12:00 PM -0700, Chris H.
<google...@chrishart.net> wrote:

>BareBones' answer was that the tools needed are all provided by Apple
>themselves in the keychain and they therefore were not interested in
>doing anything else with Yojimbo security. Personally, I think
>locking your main keychain is a pain in the butt and not practical
>(especially Safari whines for access to the keychain constantly --
>even when not viewing encrypted pages).

Don't use the main keychain for storing the Yojimbo master
password. Keep it in a different keychain that stays locked and
only unlock it when Yojimbo needs it.

Charlie Garrison

Apr 10, 2011, 6:10:30 PM
to yojimb...@googlegroups.com
Good morning,

On 10/04/11 at 4:40 PM -0400, Neil Faiman
<neil....@faiman.org> wrote:

>Now, when you access any locked item in Yojimbo, Yojimbo will
>have to get the password from the high-security keychain, which
>will be locked, so you will have to type in your special
>high-security password.

I should have read Neil's reply first. He explained it much
better than I did.

Also, the Apple keychains can store encrypted notes too; it's
not only for passwords.

The only reason I've ever found a need for anything other than
Apple keychain (& Yojimbo) is shared passwords when using Linux.
And that need hasn't been strong enough to look for alternate solutions.

Jeff Berg

Apr 11, 2011, 9:32:12 AM
to Yojimbo Talk


On Apr 10, 3:40 pm, Neil Faiman <neil.goo...@faiman.org> wrote:

> I think that you might find it helpful to explore the features of the OS X keychain more thoroughly.

> It is quite simple to create a new keychain, independent of your login keychain, with any enhanced security features you like. (For example: has its own password, distinct from your login password; is not opened automatically at login; closes itself automatically after five minutes.

Exploring a little further, you can put your extra secure keychain
file onto a USB fob that you carry with you. This provides two factor
authentication (something you have, the USB fob and something you
know, the keychain password) and allows you to use your secure
keychain(s) on multiple Macs. Remove the USB fob and that keychain and
its secrets are no longer available for use on that Mac.

I picked up this tip at a talk given by Shawn Geddis (Security
Engineer at Apple) a couple of years ago. The process is outlined in
Apple's 'Snow Leopard Security Configuration' document (start at page
134) http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf
and is also available in this Macworld article:
http://hints.macworld.com/article.php?story=20030523192222638

Barebones is right on this one. Apple provides the technology for
developers to leverage and, with all due respect, I think there is little
they can do to improve upon it in this case. Yojimbo is all about
leveraging core technology and core data and IMHO that's one of the
big assets of the software.

The problem is that Apple doesn't do the best job of documenting
these features, or more accurately of making "regular users" aware of
the documentation available. The Security Configuration Guide (also
available for previous versions of the OS and Server OS:
http://www.apple.com/support/security/guides/ ) is a great start. There are
depths to the Keychain and OS X security that are worthy of explanation.
(Here's another quick taste: Keychain Access actually gives you the
ability to become a self-signing Certificate Authority.)

jab


Chris H.

Apr 11, 2011, 2:49:46 PM
to Yojimbo Talk
___ On 4/10/11 6:10 PM,<garr...@zeta.org.au> wrote: ___

> The only reason I've ever found a need for anything other than
> Apple keychain (& Yojimbo) is shared passwords when using Linux.
> And that need hasn't been strong enough to look for alternate solutions.

You obviously don't travel much or use many multiple devices, like I
do.

1Password and DropBox is a combination that I don't want to ever be
without. It's secure, cross-platform, with instant syncing, and
accessible from anywhere in the world, yet still works off-line. It's
brilliant.

Chris

Charlie Garrison

Apr 11, 2011, 6:10:37 PM
to yojimb...@googlegroups.com
Good morning,

On 11/04/11 at 11:49 AM -0700, Chris H.
<google...@chrishart.net> wrote:

>___ On 4/10/11 6:10 PM,<garr...@zeta.org.au> wrote: ___
>
>> The only reason I've ever found a need for anything other than
>> Apple keychain (& Yojimbo) is shared passwords when using Linux.
>> And that need hasn't been strong enough to look for alternate solutions.
>
>You obviously don't travel much or use many multiple devices, like I
>do.

Nope, don't travel much, live in a small town. We've actually
started our car twice in the last month, busy times indeed.

The few times I have to go to the big smoke (to manage servers) I
take my laptop which also has my keychains. And I have a USB
disk which I keep backups on (as well as my ssh keys). So a
cloud solution hasn't been important.

I do use the cloud for my Yojimbo data though, which is great
for using on my phone around town. :-)

skkippy

Apr 12, 2011, 9:56:45 AM
to Yojimbo Talk
wow, lots of replies to my original query. Thanks to all.

I think, though, some replies are driving at more general problems.

All I want to do is sync with my iPad, while preserving the security
of encrypted items

When I set up sync with my iPad, Yojimbo placed my Yojimbo password in
my login keychain. That makes my Yojimbo data accessible to anyone who
knows the login password (and how to access a keychain).

Several of you have suggested I could move the Yojimbo key to another
keychain - a fine idea IF iPad sync still worked.

I wonder how Yojimbo could know that the iPad sync password it needs
is in some specific non-login keychain?

I was hoping that somebody had actually tried a non-login keychain and
can still sync with an iPad.

Charlie Garrison

Apr 12, 2011, 5:58:17 PM
to yojimb...@googlegroups.com
Good morning,

On 12/04/11 at 6:56 AM -0700, skkippy <mrtn...@gmail.com> wrote:

>I wonder how Yojimbo could know that the iPad sync password it needs
>is in some specific non-login keychain?

Apps don't request a password from a given keychain; they just
ask for the password and the keychain system finds the item in
the appropriate keychain, and if locked, then asks for the
keychain password.

If it's not working that way for you, then maybe explain what is
happening since it sounds like some other error is getting in
the way.

Jeff Berg

Apr 13, 2011, 12:14:58 PM
to Yojimbo Talk


On Apr 12, 8:56 am, skkippy <mrtngr...@gmail.com> wrote:

> I was hoping that somebody had actually tried a non-login keychain and
> can still sync with an iPad.

I'm tempted to suggest that you just try it yourself (with appropriate
backups of your keys of course) but I took one for the team and by
your command… I just did this and it works just fine. I'll detail my
tests in a moment, but first may we address your fear about having
Yojimbo's password stored in your keychain to begin with?

My testing so far indicates that the presence of the password key is
a convenience more than a necessity--with the possible exception of
some scripts. Even with the key present, I am prompted for the
password when decrypting entries on the computer--which is the
behavior I have set in the security preferences for Yojimbo. (For a
tip about using keychain to some advantage on the iPad see the final
section below.) If an unauthorized party gains access to the keychain,
they still can't read the password in plaintext without knowing the
keychain password. So what is the exposure you fear? I'm sorry, but I
just don't understand your concern. (And, as Charlie said above, if we
need to better understand it to provide an appropriate solution.)

What I did (and I encourage others to test for themselves, poke at my
methodology and question my findings)

I created a separate yojimbo keys.keychain file (and to facilitate
further testing, I put it on a USB thumb drive). For testing purposes
I used a simple, insecure password. I set that file to lock after a
minute of activity. I manually locked the yojimbo keys.keychain file

Next I created some new encrypted notes. yojimbo keys.keychain never
unlocked (as indicated by Keychain Access) but I wasn't prompted for a
password (per my security settings) and no new keys were created in
any of my keychains. I did an iPad sync, no problem.

Unmounted the USB drive which required me to delete the reference to
the keychain using Keychain Assistant (delete reference only, NOT
files!), then quit Keychain Assistant and Yojimbo.

Once the thumb drive was unmounted and Yojimbo restarted I was still
able to encrypt, decrypt and sync--I just had to type in my password
to do these things. I did not check any boxes to save my password to a
keychain and no new keys were created in any keychain files. (My
conclusion, you don't really need the keychain at all.)

Remounting the keychain--as simple as plugging in the USB drive and
then double clicking the keychain file--allowed syncing & encryption
without typing a password.

Warning: If you do a sync without the keychain being present AND you
"cancel" instead of typing the password you will see pointers to your
"new" encrypted documents on the iPad BUT they won't open. I assume
you could fix this by doing a complete re-sync but for my testing I
just deleted the bad documents.

Finally, I learned something cool about the Yojimbo keychain on the
iPad. (If this is documented elsewhere, I apologize. I haven't read
much documentation for Yojimbo. Rich gave a demo at BMAC one night
that pretty much taught me everything I needed to get started and I've
figured the rest out along the way.)

Anyhow let's say I am going to be constantly in and out of encrypted
Yojimbo documents on my iPad for the next hour or so. I'm comfortable
that I will keep control of the iPad (which locks after 5 minutes
anyway) and I don't want to be bothered with typing in my password
every time I select a new record: Just enable the keychain by sliding
"Store in Keychain" to on when you type in your password to access
the first encrypted record. As you access more secure records, just
click on the "safe dial" to read them--no password necessary. When
you're done with your session, go to Settings:Yojimbo and deactivate
the keychain. The next time you access a secure record, you'll have to
type your password in again. Deactivating the keychain must delete the
keychain file because if you reactivate the feature you still have to
type your password initially. Understanding how this works is going to
really improve my Yojimbo experience—and I'll be encrypting more of my
records as a result.

Hope this helps. I'm sorry it isn't the clearest document--I'm
composing on the fly. Happy to answer more questions if I can.

In short, don't fear the keychain--just understand it.

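To make the procedure in Neil's and Jeff's posts concrete, here is an added example (not code from the thread, from Bare Bones, or from Apple's guides) that does the same setup with Apple's security(1) command-line tool and then checks that the new keychain really relocks itself. The keychain path and the five-minute timeout are assumed placeholders, and the sample show-keychain-info lines used by the audit functions are constructed.

```bash
#!/bin/bash
# Added example, not code from the thread or from Bare Bones: script the
# "separate high-security keychain" setup that Neil Faiman describes and
# Jeff Berg tested, using Apple's security(1) command-line tool instead of
# the Keychain Access GUI, and audit that the keychain really relocks itself.
# Assumed placeholders: the keychain path and the 5-minute timeout.
set -eu

KEYCHAIN="${HOME:-/tmp}/Library/Keychains/yojimbo-keys.keychain"  # hypothetical path
LOCK_AFTER=300   # seconds; "closes itself automatically after five minutes"

# Parse one line of `security show-keychain-info` output, such as
#   Keychain "/path/yojimbo-keys.keychain" lock-on-sleep timeout=300s
#   Keychain "/path/login.keychain" no-timeout
# (lines constructed for this example, modeled on the tool's output).
# Prints the idle timeout in seconds, "none" if the keychain never relocks
# on its own, or "unknown" if the line is not recognised.
keychain_timeout() {
  case "$1" in
    *no-timeout*) echo none ;;
    *timeout=*)   printf '%s\n' "$1" | sed -E 's/.*timeout=([0-9]+)s.*/\1/' ;;
    *)            echo unknown ;;
  esac
}

# True when the settings line says the keychain locks when the Mac sleeps.
keychain_locks_on_sleep() {
  case "$1" in *lock-on-sleep*) return 0 ;; *) return 1 ;; esac
}

# Returns 0 when the settings line describes a keychain that locks on sleep
# and relocks within $2 idle seconds; otherwise 1, with the reason on stderr.
# This is the check that separates a "high-security" keychain from one that
# merely has a different password but stays open all day.
audit_keychain_line() {
  line=$1; max=$2
  t=$(keychain_timeout "$line")
  if ! keychain_locks_on_sleep "$line"; then
    echo "audit: keychain does not lock on sleep" >&2; return 1
  fi
  case "$t" in
    none|unknown) echo "audit: no usable idle timeout ($t)" >&2; return 1 ;;
  esac
  if [ "$t" -gt "$max" ]; then
    echo "audit: idle timeout ${t}s exceeds ${max}s" >&2; return 1
  fi
  return 0
}

# macOS-only part: create and configure the keychain, then audit it.
setup_private_keychain() {
  # -P prompts for the new keychain's password instead of taking it as an
  # argument, where it would be visible in process listings.
  security create-keychain -P "$KEYCHAIN"
  # -l: lock when the Mac sleeps; -u -t N: lock after N seconds idle.
  security set-keychain-settings -l -u -t "$LOCK_AFTER" "$KEYCHAIN"
  # Prepend it to the user search list (login.keychain stays in the list),
  # since apps ask for an item, not for a particular keychain, as Charlie
  # noted; this assumes no existing keychain path contains spaces.
  security list-keychains -d user -s "$KEYCHAIN" \
    $(security list-keychains -d user | tr -d '"')
  security lock-keychain "$KEYCHAIN"
  # Move the Yojimbo entry into it by dragging it in Keychain Access, as
  # Neil describes; the entry's name is not known here, so it is not scripted.
  audit_keychain_line "$(security show-keychain-info "$KEYCHAIN" 2>&1)" "$LOCK_AFTER"
}

if command -v security >/dev/null 2>&1; then
  setup_private_keychain
else
  echo "security(1) not found; only the audit functions work off macOS" >&2
fi
```

Run the audit function against `security show-keychain-info <keychain> 2>&1` on any Mac to confirm an existing keychain is configured the way the thread recommends.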

Keri

Apr 17, 2011, 9:42:53 AM
to Yojimbo Talk
I have a hard time finding ways to learn about my Mac, so thanks for
these links. Anyone have other ideas/resources to gain this type of
knowledge? I can use the resources online that Apple provides, and
this forum has been extremely useful (just reading people's questions
has opened up vistas for me!), but I'm thinking about something like a
book. For example, reading the forum here just doesn't help me
understand Keychains enough to mess around with mine. Does anyone
know if the "For Dummies" series would be helpful for a newbie-but-not-
dummy? Any other authors, forums, blogs, magazines, etc. that people
would recommend?

Cheers,
Keri

On Apr 11, 6:32 am, Jeff Berg <j...@purpleshark.com> wrote:
> On Apr 10, 3:40 pm, Neil Faiman <neil.goo...@faiman.org> wrote:
>
> > I think that you might find it helpful to explore the features of the OS X keychain more thoroughly.
> > It is quite simple to create a new keychain, independent of your login keychain, with any enhanced security features you like. (For example: has its own password, distinct from your login password; is not opened automatically at login; closes itself automatically after five minutes.
>
> Exploring a little further, you can put your extra secure keychain
> file onto a USB fob that you carry with you. This provides two factor
> authentication (something you have, the USB fob and something you
> know, the keychain password) and allows you to use your secure
> keychain(s) on multiple Macs. Remove the USB fob and that keychain and
> it's secrets are no longer available for use on that Mac.
>
> I picked up this tip at a talk given by Shawn Geddis (Security
> Engineer at Apple) a couple of years ago. The process is outlined in
> Apple's 'Snow Leopard Security Configuration' document (start at page
> 134)http://images.apple.com/support/security/guides/docs/SnowLeopard_Secu...
> and is also available in  this Macworld article:http://hints.macworld.com/article.php?story=20030523192222638
>
> Barebones is right on the one. Apple provides the technology for
> developers to leverage and , with all due respect, I  there is little
> they can do to improve upon it in this case. Yojimbo is a all about
> leveraging core technology and core data and IMHO that's one of the
> big assets of the software.
>
>  The problem is that Apple doesn't do the best job of documenting
> these features, or more accurately of making "regular users" aware of
> the documentation available. The Security Configuration Guide (also
> available for previous versions of the OS and Server OS:http://www.apple.com/support/security/guides/) is a great start. There are

Jeff Berg

Apr 17, 2011, 11:25:05 AM
to Yojimbo Talk
Please note the OT warning above, there's no Yojimbo content in this
reply. If that's going to make you crazy, please move on.


On Apr 17, 8:42 am, Keri <keri...@gmail.com> wrote:
> I have a hard time finding ways to learn about my Mac, so thanks for
> these links.  Any other authors, forums, blogs, magazines, etc. that people
> would recommend?

First, give up on trying to learn "everything" and understand that it
might take a while to develop well-rounded expertise. Focus on things
that you think are important. I learned about keychains because I've
developed an interest (but not yet an expertise) in security.

For overall OS knowledge books I suggest browsing the computer section
of your local book superstore. There are lots of titles out there and
different books work for different people. Back in the old days, I
generally gave a copy of Robin Williams' "Little Mac Book" to friends.
Unfortunately, even the update to that book is out of date (and not so
little.) You might find David Pogue's Missing Manual to be useful. I
also like the way Andy Ihnatko writes. However, I haven't bought an OS
X manual in many years—the books are too big to read cover-to-cover
and they go out of date too fast to use as references.

You should investigate the eBook offerings from Take Control Books.
(From the publishers of TidBITs—a useful resource in its own right.)
You might want to start with something like the Macworld Snow Leopard
Superguide.

To look into the specifics of keychains, I'd start with the Apple
security guide I referenced earlier. (It's free.) Beyond that, there's
a section on the keychain in Take Control of Passwords on Mac OS X:
http://www.takecontrolbooks.com/passwords-macosx and there's also
information in the Macworld Security Superguide. (Also published by
Take Control). Disclosure: I get complimentary copies of Take Control
Books in hopes that I'll read and recommend them. I do recommend them.
A "little" book focusing on a specific topic is generally more useful
to me than a giant, general purpose tome and, while I don't always
agree with the opinions and conclusions of the various authors, TCO
books do a good job of explaining the topics they cover.

Online resources are nearly infinite but must be approached with
caution. There is a lot information, much of it good, some of it
'valid but dated', and some of it just plain wrong (or at least
misguided). TidBITs is a decent start. Macintouch has some nuggets,
but read it critically. I'm often at odds with MacFixIt, particularly
memes going back to the earlier days of OS X—and unfortunately still
in common practice today. (Let's not start that war here. :) ) Apple's
support forums can also be helpful, but again you have to do some
filtering.

Finally, there must be a score of podcasts and screen casts available.
Some are subscription based but many are free. Sorry I don't have any
to recommend regarding the general OS, I haven't used them.

My suggestion is to start with resources available from Apple
supplemented by the Macworld Superguide or the missing manual for
dummies tome of your choice. After that, figure out what areas are
important to you (you can't know everything) and use Google, questions
on user forums (such as Apple's) etc. to build your own knowledge
base.

Finally, if you do nothing else, create a good trustworthy backup
system that includes a bootable backup. (Insert gratuitous plug for
SuperDuper! here.) Knowing that you can get back to "where you were
before you did that bad thing" takes a lot of the fear out of
exploring and playing with your Mac.

And now back to our regularly scheduled Yojimbo conversation…



Jeff Berg

Apr 17, 2011, 11:36:01 AM
to Yojimbo Talk
One more thing…

Depending on your location, a local MUG (Macintosh Users Group) can be
a good source of information and education. If you don't find one in
your area, create a Meetup entry and start one. It needn't be anything
more than gathering at a local coffee shop to "talk Macs".

Okay, we can go back to Yojimbo for reals now.

Keri

Apr 17, 2011, 1:55:15 PM
to Yojimbo Talk
Fantastic, thank you!

Chris H.

Apr 17, 2011, 2:29:21 PM
to Yojimbo Talk
I second all of Jeff's recommendations.

And to answer your original question: The Dummies books are very
good.

I would suggest starting with a more general book or tutorial and then
focusing on the areas that you want to build knowledge (using focused
publications, like the Take Control series).

Chris

Seth Elgart

Apr 17, 2011, 9:52:42 PM
to yojimb...@googlegroups.com
On Apr 17, 2011, at 9:42 AM, Keri wrote:

> have a hard time finding ways to learn about my Mac, so thanks for
> these links. Anyone have other ideas/resources to gain this type of
> knowledge?


While not a book, I recommend reading macintouch.com every day. Its focus is on troubleshooting, but if you read the reports you'll learn tons. It's updated six days a week, usually by noon EDT.


Seth
