There was an article on HN earlier this week about PBKDF2 iterations[1]. The gist of the article was that adding iterations to the key derivation function doesn't actually increase the entropy of a password all that much. No matter how much education and encouragement they're given, some users will choose weak passwords, and those passwords will be crackable even with any reasonable number of DF iterations.
This was good support for 1PW's 2-key solution, since one of the keys is randomly generated with a true 128 bits of entropy, no matter what password the user chooses, a compromise of the service's data store alone will mean the user's vault encryption key is uncrackable.
> The gist of the article was that adding iterations to the key derivation function doesn't actually increase the entropy of a password all that much.
I know your linked article talks about it a bit like this, but I think it's wrong to think about PBKDF2 as "increasing the entropy" of a password. The number of PBKDF2 rounds just increases the cost of each guess an attacker makes, but doesn't fundamentally change the number of guesses an attacker needs to make. To me it's basically the constant multiplier term with respect to Big-O notation - that is, while some process make take 1000N time or 10N, it's all still just O(n).
So, that said, I 100% agree that 1Password's approach of using a truly random 128 bit string as part of the key is fundamentally an uncrackable approach while LastPass's was not.
I'm a user of 1Password and a huge fan of the service but I'd really like to have a device sponsor another device automatically (like how iCloud does it) instead of having to present the secret key to the user to manually input into the new client.
I agree providing the Secret Key to other devices can be a pain. In fact it's our #1 onboarding challenge. On Apple devices specifically it's much easier as we can store it in iCloud Keychain, but we'd like to make it simpler everywhere.
Curious if you've had a chance to try the Setup Code? It's not as slick as iCloud since we don't own the OS, but it enables you to scan the code and get all the account details on your new device. That way all you need to do is type your password.
On that note we recently had a hackathon around this to make things even simpler and we had some success there. I'm hoping we can make this real and share it in an update later this year.
I will reach for my secret key perhaps once or twice per year when I buy a new device. That being so, it's really no biggie to type in.
The obvious benefit of a secret key is its high entropy. But I also like how the secret key discourages me from logging into 1Password on anything but my own, trusted, devices. In my view, password managers should not be accessed from other people's computers or internet kiosks.
"Your Secret Key and your 1Password account password both protect your data. They’re combined to create the full encryption key that encrypts everything you store in 1Password."
I would be very impressed if the 1Password CEO released his/her encrypted vault to the public. It would be a real vote of confidence for the encryption.
This was good support for 1PW's 2-key solution, since one of the keys is randomly generated with a true 128 bits of entropy, no matter what password the user chooses, a compromise of the service's data store alone will mean the user's vault encryption key is uncrackable.
[1]: https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/
Disclaimer: I'm an employee of 1Password.