Rury | 11 months ago
To give you a concrete example, 1Password doesn't guarantee you against, say, being compromised by a keylogger and someone stealing your master password (never mind the key, which is in fact stored). A secret heuristic doesn't necessarily face such risks. Sure, that doesn't automatically mean a secret heuristic guarantees you better security, but that's not the argument.
commandersaki | 11 months ago
But the keylogger or malware argument is a lazy one, tbh. Not only does it affect your secret heuristic, as any input password is affected; basically no software can be guaranteed to be safe from malware or keyloggers, except maybe software running in something like a Secure Enclave, or if your OS supports secure entry on certain fields (1P on Mac does this). If you're in that position you've got bigger things to worry about anyway.
But anyway, it all depends on implementation, as I said. 1P also supports passkey unlock, eradicating the need for the master password (the secret key stays), so you can still have the security you desire, particularly if you use a FIDO2 security key like a YubiKey.
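As an added illustration of the point both posters circle around (a keylogged master password versus a second secret that stays on the device), here is a simplified two-secret key derivation. This is editorial example code, not 1Password's code or a description of its real derivation; the PBKDF2 iteration count, the XOR combination, the check value and the sample password are all constructed assumptions.

```python
"""Constructed example: a vault key derived from two secrets.

Secret 1: a human-typed master password (what a keylogger can capture).
Secret 2: a 32-byte random key stored only on the enrolled device.
An attacker needs both; holding just one gets them nothing.
"""
import hashlib
import hmac
import secrets

# Assumed parameters for the illustration, not any product's real values.
PBKDF2_ITERATIONS = 100_000
CHECK_LABEL = b"vault-key-check"


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine the stretched password with the device-stored secret key."""
    # Slow stretching of the low-entropy, typed part.
    pw_part = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    # The stored secret already has full entropy; one HMAC binds it to the salt.
    sk_part = hmac.new(salt, secret_key, hashlib.sha256).digest()
    # XOR the two 32-byte halves: either one alone reveals nothing about the result.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def create_vault(master_password: str, secret_key: bytes) -> dict:
    """Return the per-vault public data: a salt and a verifier for the derived key."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, secret_key, salt)
    verifier = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier}


def try_unlock(vault: dict, master_password: str, secret_key: bytes) -> bool:
    """True only if both secrets reproduce the stored verifier."""
    key = derive_vault_key(master_password, secret_key, vault["salt"])
    candidate = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, vault["verifier"])


def demo() -> dict:
    """Walk through the three scenarios discussed in the thread."""
    secret_key = secrets.token_bytes(32)      # lives on the device, never typed
    password = "correct horse battery staple"  # constructed sample password
    vault = create_vault(password, secret_key)
    return {
        # Legitimate owner: typed password plus the device's secret key.
        "owner": try_unlock(vault, password, secret_key),
        # Keylogger only: the correct password, but no copy of the 32-byte key.
        # Guessing a random 256-bit value is infeasible, unlike guessing a password.
        "keylogger_only": try_unlock(vault, password, secrets.token_bytes(32)),
        # Stolen device key only: without the typed password it still fails.
        "stolen_key_only": try_unlock(vault, "not the password", secret_key),
    }


if __name__ == "__main__":
    for scenario, unlocked in demo().items():
        print(f"{scenario:16s} unlocked={unlocked}")
```

The design choice that matters is the split: the typed part is the only thing a keylogger sees, and it is deliberately not enough on its own. Malware with full control of the endpoint can of course read both the stored key and the typed password, which is the situation commandersaki describes as "bigger things to worry about".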