Comment by rdl
8 years ago
Does 1Password really send anything meaningful in their API queries, or is it encrypted separately and then just sent over HTTPS?
8 years ago
Does 1Password really send anything meaningful in their API queries, or is it encrypted separately and then just sent over HTTPS?
For what it's worth, I've posted this question in 1Password's support forum, which is frequented by 1Password staff: https://discussions.agilebits.com/discussion/75711/cloudblee...
1Password has said via their blog that nothing was compromised whatsoever: https://blog.agilebits.com/2017/02/23/three-layers-of-encryp...
More details are promised in the coming days.
According to their blog post about this issue they use multiple levels of encryption to guard against compromise at the SSL/TLS layer - https://blog.agilebits.com/2017/02/23/three-layers-of-encryp...