|
|
|
|
|
|
by vc8f6vVV
2377 days ago
|
|
|
While what you are saying seems technically sound it implies that you do everything right when generating Secret Key. Let's imagine you have a bug and it fills Secret Key with zeros (or some fixed sequence) and it becomes known after quite some time, and in between your server is compromised. How much easier it makes for an attacker to decrypt data en masse? I would assume some people may not like that such attack vector even exists. |
|
|
It's also important to remember that your Master Password still plays a role and YOU provide that. If you use a weak Master Password, and we somehow introduced a bug that set the Secret Key to 0's, then your Master Password would be the only thing protecting you. In an ideal world you'd continue to use a strong Master Password.
Kyle
1Password Security Team