> I definitely understand the aversion to trusting 1Password's cloud service, but it's worth noting that their security model is such that it requires minimal/zero trust of the server.

It just requires absolute blind trust in their client apps...

> Your vault is only ever decrypted on the client side

Which is a closed-source blob, so, again, requires absolute blind trust.

Yup, completely valid. In the context of the original post I was replying to, trust of the closed-source client code was always required and that hasn't changed, so it didn't feel relevant to mention. I agree with you that there is significant merit in choosing an open-source solution for passwords/secrets management.