| HN Mirror

First a password manager would never store a key unencrypted on the cloud.

When implemented correctly a password manager storing the database shouldn't have any information (keys) to decrypt the database. Only the user & the client knows this information, and it never leaves the client.

There is still the matter of authenticating to the password manager service to retrieve the database. There's a couple of ways to do it, but usually a strong password hash (least desirable and I think this is what LastPass uses) or a Password Authenticated Key Exchange (PAKE) in which the service keeps an authenticator to verify your password/credentials but the authenticator cannot be reversed or attacked to determine the password (similarly observing the PAKE transaction over the wire or MITMing it won't allow any attack to find the password).

Even if the authentication aspect fails and someone could download all the databases, the database should be protected with at minimum a slow password hash, so a dictionary attack should be very slow. I believe LastPass has stuffed this up in the past. On the other hand, 1Password took a proactive stance despite a hit to the UX by requiring a password + "secret key" which is I believe at least a 128-bit secret that's mixed together to come up with a high entropy password that is used to encrypt the database - so an attacker will have a hard time with any 1P database.

Put bluntly, as a 1P user I'm the least bit concerned that the database is stored in the cloud. I guess the only thing I have to worry about is a surreptitious version of 1Password being distributed to my machine which may capture/exfil my password & secret key. I guess not being open source is a net negative here. So I do place some trust and faith in AgileBits to protect their supply chain and software distribution. Their reputation depends on the security of the service after all.