• qqq@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    This is not necessarily true.

    For example, consider the case of a 1Password vault falling into the hands of an attacker. They do not have the option to just crack your password, as the password is mixed with a randomly generated value to ultimately derive the key. They would need to simultaneously brute force your password and that random value. This should almost be impossible. However, given access to a client that already has knowledge of the secret value, it would fall back to brute forcing the password.