I am bit disappointed they did not immediately jump on implementing the two straightforward recommendations:
> PROPOSED MITIGATION. A straightforward mitigation is to
have the client sign vault keys using the RSA private key in
the keyset before encrypting them with the RSA public key.
> PROPOSED MITIGATION. [...]
it would be easy for 1Password to prevent it entirely: the secret key can be used (with proper key derivation) to authenticate
the KDF parameters with a cryptographic MAC.
To be fair, these issues are not really impacting long-time users. I have hundreds if not thousands of items in my vaults, there's no way i'm not noticing if they dissappear (which would be a side effect of these attacks).
Overall, I think 1password can be proud of their architecture and product quality, but i'd love to see these improvements - and maybe something like a "signal verification code" for sharing?
herczegzsolt|8 days ago
> PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key.
> PROPOSED MITIGATION. [...] it would be easy for 1Password to prevent it entirely: the secret key can be used (with proper key derivation) to authenticate the KDF parameters with a cryptographic MAC.
To be fair, these issues are not really impacting long-time users. I have hundreds if not thousands of items in my vaults, there's no way i'm not noticing if they dissappear (which would be a side effect of these attacks).
Overall, I think 1password can be proud of their architecture and product quality, but i'd love to see these improvements - and maybe something like a "signal verification code" for sharing?