
Has there been a similar evaluation of 1Password?


> Much like the other products we analyse, 1Password lacks authentication of public keys. This trivially enables sharing attacks similar to BW09, LP07 and DL02, something that the 1Password whitepaper...

> IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault contents encrypted after the attack, including passwords, credit card information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack. REQUIREMENTS. The client fetches key material from the server, for example due to the user logging in on a new device. If executed on a non-empty vault, the attack results in the client losing access to all items already in their vault, while leaking any new items added to the vault after the attack took place. If the attack is executed at the time of vault creation, the attack is effectively undetectable by the client, since it cannot distinguish between a ciphertext it created and the ciphertext created by the server during the attack. PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key. Ideally, two different key pairs would be used for...

from the paper: https://eprint.iacr.org/2026/058.pdf



I am a bit disappointed they did not immediately jump on implementing the two straightforward recommendations:

> PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key.

> PROPOSED MITIGATION. [...] it would be easy for 1Password to prevent it entirely: the secret key can be used (with proper key derivation) to authenticate the KDF parameters with a cryptographic MAC.

To be fair, these issues are not really impacting long-time users. I have hundreds if not thousands of items in my vaults, there's no way I'm not noticing if they disappear (which would be a side effect of these attacks).

Overall, I think 1Password can be proud of their architecture and product quality, but I'd love to see these improvements - and maybe something like a "signal verification code" for sharing?
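
The second mitigation quoted in the comment above (a MAC over the KDF parameters, keyed from the secret key) sketched as an added example; it is not part of the thread, the paper, or 1Password's code. The field names, HKDF label, account identifier, the use of PBKDF2 and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def tag_params(secret_key: bytes, account_id: str, params: dict) -> str:
    """MAC the KDF parameters under a key derived from the secret key."""
    # Dedicated MAC key bound to the account and to this one purpose (label is an assumption).
    mac_key = hkdf_sha256(secret_key, account_id.encode(), b"kdf-params-mac-v1")
    # Canonical encoding so the tagging and verifying devices MAC identical bytes.
    encoded = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(mac_key, encoded, hashlib.sha256).hexdigest()

def derive_unlock_key(secret_key, account_id, password, params, tag) -> bytes:
    """Verify the server-supplied parameters before using any of them."""
    expected = tag_params(secret_key, account_id, params)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("KDF parameters failed authentication")
    if params["alg"] != "PBKDF2-HMAC-SHA256":
        raise ValueError("unsupported KDF")
    salt = bytes.fromhex(params["salt"])
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, params["iterations"])

# Constructed sample values, not real account data.
SECRET_KEY = bytes.fromhex("8f" * 32)
ACCOUNT_ID = "ACCT-EXAMPLE"
PARAMS = {"alg": "PBKDF2-HMAC-SHA256", "iterations": 100_000, "salt": "a1" * 16}
TAG = tag_params(SECRET_KEY, ACCOUNT_ID, PARAMS)  # computed on an enrolled device

def demo() -> tuple:
    """Return (untampered parameters accepted, altered parameters rejected)."""
    accepted = len(derive_unlock_key(SECRET_KEY, ACCOUNT_ID, "pw", PARAMS, TAG)) == 32
    altered = dict(PARAMS, iterations=1)  # iterations changed after the tag was computed
    try:
        derive_unlock_key(SECRET_KEY, ACCOUNT_ID, "pw", altered, TAG)
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

The check only helps if the client refuses to proceed when the tag is missing as well as when it is wrong, and if the secret key never leaves the user's devices.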


It seems like 1Password is significantly more secure given the ratio of its market share to the number of articles I’ve seen like this one.




