undefined | Better HN

0 pointszzyzxd2y ago0 comments

> If they had stuck with the old model, a breach would have no chance of impacting users, but now, we're left scratching our heads and speculating about the true extent of the damage.

Well, since 1P clients are not open sourced, you always have to trust that they implement their white paper correctly, this is regardless before or after the transition.

Now, if you do trust them, then you should believe when they say that "IdP is only used for authenticate downloads of _encrypted_ secrets and the decryption only happens on device with a local credential", in which case a breach of IdP still would have no chance of impacting users.

I have a lot of rants about this transition, but the storage location of encrypted data is never something I worry about. In the past it was my personal iCloud/Dropbox accounts, now it's my 1Passowrd.com account. Am I missing something?

0 comments

greyface-2y ago

> you always have to trust that they implement their white paper correctly

Actually, no - if they implement their whitepaper incorrectly, and I manage to keep my insecurely-encrypted vault blob private, I'm still safe. Bad implementation is only a risk if there is also a data breach. This is defense in depth. Your argument is based on an all-or-nothing model of trust, rather than one where trust can be contextual and partial.

Would you be comfortable uploading your vault somewhere 100% public, rather than behind authentication with iCloud/Dropbox/1P, since it's safely encrypted?

1 more reply

activescott2y ago

A regular public audit by security firm would help increase confidence in a close source system. In fact, it would help in an open source system too.

j / k navigate · click thread line to collapse