ETH Zürich paper concerns
Came across this study titled "Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers," whose study is available at
https://eprint.iacr.org/2026/058.pdf
Because of your secret key used in 1Password, brute forcing is made impossible. What happens, though, if some miscreant gains access to 1Password servers?
From Appendix D of the study:
"Disclosure. We disclosed our findings to 1Password. Their response was that they regard them as arising from already known architectural limitations. They did not request an embargo period."
