Hacker News new | ask | show | jobs
by wglb 2470 days ago
But does the server have the ability to decrypt?
1 comments
geofft 2469 days ago
No, for all the major / well-respected password managers (and probably for all the minor ones too), all the crypto is done client-side.

1Password, for instance, has a pretty good security doc about it: https://1password.com/files/1Password%20for%20Teams%20White%...

link
wglb 2469 days ago
It is unclear if LastPass is well-respected, and if I recall correctly, at least at one point, the master key was accessible by the server.
link