[commandersaki]

How is any of this a threat to 1Password E2EE?

The point is if they even have access to my encrypted data, they wouldn't be able to access the plaintext without the key (and yes the passphrase is not sufficient).

This is just lazy scaremongering.

[namaria]

The point you're trying to make is a trivial one: in the absence of errors, there are no problems.

LastPass e2ee was never the problem in the original story either.

[commandersaki]

You are wrong, the article posted said the heists happened because of both a breach and cracking master passwords. LastPass E2EE relied on keys from the master password using a password hash that had a low iteration count. Therefore low entropy passphrases could easily be cracked. Furthermore not all data was encrypted. This is all a weakness of their E2EE. 1Password uses both PAKE for remote authentication and a high entropy key (128-bit) and therefore doesn't solely rely on a master password. There is an actual difference.

Of those links you posted, two of them could've equally affected a password manager that was local. All password managers can be subverted by external threats whether using cloud storage or not.

My point is, properly implemented E2EE (hopefully vetted by cryptographers) is marginally different to a password manager using local storage. Sure having it cloud hosted can affect more than one user, but attacking the ciphertext data would be infeasible.

[rm_-rf_root]

> attacking the ciphertext data would be infeasible

If insufficiently protected, any attack surface may be compromised. It’s just a matter of time, resources, and will.

“The only winning move is not to play.”

[commandersaki]

I don't know what you mean by insufficient protection, but as I said proper E2EE implementation provides sufficient protection. A symmetric encryption scheme that satisfies IND-CCA2 with a high entropy key is infeasible to decrypt without knowledge of the key. This is well understood basics of cryptography. LastPass failed at the high entropy key part / slow password hash, but also leaking metadata in plaintext. Pretty much other password managers don't have this issue, both local and cloud based.