VT1P
3 years ago · Frequent Contributor
Is 1Password preparing a report on lessons from the LastPass breach?
I thought I knew what "zero knowledge" means, and I thought it was the gold standard for security. From the LastPass security breach, it seems there may be different degrees of zero knowledge securi...
Former Member
3 years ago
Hello VT1P,
As you may have seen, we have written a blog post that highlights unique facts about our design that keeps you safe if we were ever to be breached.
https://blog.1password.com/not-in-a-million-years/
On Zero Knowledge
In that, I didn't say anything about their use of the term "Zero-knowledge". By many definitions, 1Password's authentication protocol (based on SRP) is ZK. We have avoided calling it that because the term "Zero-knowledge" often implies specific ZK techniques, which are not used in Password-Authenticated Key Exchanges (PAKEs) such as SRP. So while PAKEs are ZK, we've been reluctant to use that term as it often suggests different techniques.
I am not aware of any credible definition of ZK that would apply to my current understanding of LastPass's authentication protocol, but I don't claim expertise in their protocols and I have not sought out their explanation of why they consider it ZK.
Again, my focus was on their erroneous claim of "millions of years" and on how 1Password could truthfully say that if we were to suffer from a similar breach.