So I'm reading on pg 22. The red block. How hard is it for 1Pass --basically a m... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cies on Jan 19, 2022 \| parent \| context \| favorite \| on: Bitwarden: Free, open-source password manager So I'm reading on pg 22. The red block. How hard is it for 1Pass --basically a mandated MITM-- to send a false request to Alice when Bob made a request? That whitepaper is a piece of marketing text. Not saying their audit did not take place. But they are soooooo powerful in their own system that they basically have access to everything. BitWarden: not so much.

a10c on Jan 20, 2022 [–]

> How hard is it for 1Pass --basically a mandated MITM-- to send a false request to Alice when Bob made a request?

Alice is the one that initiates the request. She owns the vault being shared and encrypts it with Bob's pre-shared public key.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact