It's really simple. It just doesn't consider anything unexpected happening.
Compromised algorithms are unlikely. But not impossible. Quantum computing enabling brute force attacks is unlikely in the immediate future, but not impossible. Certificate pinning compromise during transport is not implausible for state actors.
And in those scenarios and others, having the vault stored remotely on someone else's machines is inherently less secure than not.
Compromised algorithms are unlikely. But not impossible. Quantum computing enabling brute force attacks is unlikely in the immediate future, but not impossible. Certificate pinning compromise during transport is not implausible for state actors.
And in those scenarios and others, having the vault stored remotely on someone else's machines is inherently less secure than not.
The assumptions made in the paper are clumsy.