by forty 1261 days ago
Hi, just seeing this now. I work at Dashlane.

What part is concerning for you? I have not double checked the claims on the marketing content, but on the technical ones:

- Re: Argon2 parameters, what they don't say is that even with those parameters, this is still way better than most of the competition which uses PBKDF2 (it's equal to 1M6 pbkdf2-sha2 rounds - see https://infosec.exchange/@sc00bz/109611328606658997).

- Re CBC vs GCM: We do encrypt then MAC as we should. Also we don't use the same key directly for AES and MAC, we stretch the key to have a longer key - or we even directly use a long 64-byte key in some cases - that we split for both purposes.

- You can get our GPG key here https://www.dashlane.com/security/researchers. It's owned by security@dashlane.com and is using ED25519. I don't know which key they checked, but I don't think it's ours :)

I hope this helps!
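The second bullet describes a pattern worth seeing end to end: stretch one secret into a longer key, split it into separate AES and MAC keys, then encrypt-then-MAC so the tag is verified before any decryption or padding check runs. The Go program below is an added illustration of that pattern and is not Dashlane's code; it assumes HKDF-SHA256 (RFC 5869) as the stretching function, AES-256-CBC with PKCS#7 padding, HMAC-SHA256 over IV||ciphertext as the tag, and a constructed master secret and salt. The comment does not state which KDF or tag layout Dashlane uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hkdfExpand implements HKDF-Expand (RFC 5869) with HMAC-SHA256, so one
// pseudorandom key can be stretched to any length of independent key material.
func hkdfExpand(prk, info []byte, outLen int) []byte {
	var out, prev []byte
	for counter := byte(1); len(out) < outLen; counter++ {
		h := hmac.New(sha256.New, prk)
		h.Write(prev)
		h.Write(info)
		h.Write([]byte{counter})
		prev = h.Sum(nil)
		out = append(out, prev...)
	}
	return out[:outLen]
}

// splitKeys stretches a master secret to 64 bytes (HKDF extract + expand) and
// splits it: the first 32 bytes drive AES-256, the last 32 bytes drive HMAC.
// Neither half is ever used for both purposes. Salt and info are assumptions.
func splitKeys(master, salt []byte) (encKey, macKey []byte) {
	ext := hmac.New(sha256.New, salt)
	ext.Write(master)
	prk := ext.Sum(nil)
	stretched := hkdfExpand(prk, []byte("aes-cbc-key|hmac-sha256-key"), 64)
	return stretched[:32], stretched[32:]
}

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// sealEtM returns iv || ciphertext || tag, with the tag computed over
// iv || ciphertext (encrypt-then-MAC).
func sealEtM(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	msg := make([]byte, 0, len(iv)+len(ct)+sha256.Size)
	msg = append(msg, iv...)
	msg = append(msg, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	return append(msg, mac.Sum(nil)...), nil
}

// openEtM verifies the tag first; a forged or tampered message is rejected
// before CBC decryption or padding validation can ever run on it.
func openEtM(encKey, macKey, sealed []byte) ([]byte, error) {
	if len(sealed) < 2*aes.BlockSize+sha256.Size {
		return nil, errors.New("ciphertext too short")
	}
	msg, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	iv, ct := msg[:aes.BlockSize], msg[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed inputs; a real master secret would come from a password KDF.
	encKey, macKey := splitKeys([]byte("constructed master secret"), []byte("constructed-salt"))
	sealed, _ := sealEtM(encKey, macKey, []byte("vault entry"))
	pt, err := openEtM(encKey, macKey, sealed)
	fmt.Printf("decrypted=%q err=%v\n", pt, err)
	sealed[len(sealed)-sha256.Size-1] ^= 0x01 // flip one ciphertext byte
	_, err = openEtM(encKey, macKey, sealed)
	fmt.Println("after tampering:", err)
}
```

The ordering in openEtM is the whole point of encrypt-then-MAC with CBC: because the HMAC check runs before CryptBlocks and pkcs7Unpad, a tampered ciphertext never reaches the padding logic, so padding-oracle behaviour has nothing to observe, and because the HMAC key is a separate HKDF output, a weakness in one primitive does not expose the other's key.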