I like and use 1Password too. But maybe someone smarter than I can explain what Goldberg is trying to say re 1Password and the paper "On the Security of Password Manager Database Formats" [1].
One thing I never liked about the 1Password file format was its insistence on leaving certain fields unencrypted in order to allow the app to search using those fields. I've pushed for a "high security" preference option where all fields are encrypted, to no avail.
I'm willing to trade off the search convenience but that's a choice that Agilebits should allow me to make.
I don't know. I skimmed Gasti & Rasmussen 2012, and reread Goldberg's comment; unfortunately, I also just skimmed the source for PasswordSafe V3, the "only one" that achieved "MAL-CDBA"; it appears to be cryptographically unsound (MAC-then-encrypt of an idiosyncratic AES-CBC).
Their newer format 'opvault' claims to address it as well as authentication - you're probably best off just googling 'opvault' for the various forum and blog posts about it. You can enable opvault in almost all the platform/sync combinations if you download the current v5 beta.
[1] https://discussions.agilebits.com/discussion/comment/127847/...