
You are correct that we are vague about the threat model in this case. But please keep in mind that encrypting local data at rest defends against a whole category of "compromise" (i.e., the data stored long term on the local disk being captured) than the case of a malicious process running on the user's machine while the user is actively using 1Password.

Officially our view is "if a malicious process with user privileges is running on the user's machine when they use 1Password, there is little we can do".

But sometimes we try to do better. The example I raise is the steps we take to make things harder for keystroke loggers. We won't go to extraordinary measures to enter a battle that we can't win, but when there are simple things that we can do to make things harder for malware, we will.

See the first three paragraphs of https://blog.agilebits.com/2014/08/21/watch-what-you-type-1p... for some sort of attempt to clarify our vagueness about this threat model.




> Officially our view is "if a malicious process with user privileges is running on the user's machine when they use 1Password, there is little we can do".

I'm curious about whether you guys can address the distinction between "a malicious process with user privileges is running on the user's machine" and "a malicious process with some other user's privileges is running on the machine". That is, is there a threat that your TCP server could be impersonated, and what could happen in this scenario? It's easy to dismiss a scenario where you already have pwnd the 1Password user, or worse, root, but TCP listeners aren't scoped to a user, they are scoped to a (potentially multi-user) machine.
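
An added example, not part of the thread or of 1Password's code: on Linux, `/proc/net/tcp` records the uid that owns each socket, so a local client can check that the loopback listener it is about to use belongs to the expected user. The port numbers, uids and sample table are constructed, and little-endian host byte order is assumed.

```python
import os
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout: loopback listeners on
# port 40000 (owned by uid 1001) and port 40001 (owned by uid 1000).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:9C40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 31337 1 0 100 0 0 10 0
   1: 0100007F:9C41 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 31338 1 0 100 0 0 10 0
   2: 0100007F:9C41 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 31340 1 0 100 0 0 10 0
"""

def parse_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 part is in host byte order (little-endian assumed)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listener_uids(table, port):
    """Return the uids owning LISTEN sockets that accept loopback traffic on the port."""
    owners = set()
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != LISTEN:
            continue  # ignore malformed rows and non-listening sockets
        ip, lport = parse_addr(cols[1])
        if lport == port and ip in ("127.0.0.1", "0.0.0.0"):
            owners.add(int(cols[7]))  # column 7 is the owning uid
    return owners

def safe_to_connect(table, port, my_uid):
    """True only if a listener exists and every listener on the port is owned by my_uid."""
    return listener_uids(table, port) == {my_uid}

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        live = f.read()
    print(safe_to_connect(live, 40000, os.getuid()))
```

The check and the later connect are separate steps, so this is a sanity check rather than authentication of the peer. IPv6 listeners appear in `/proc/net/tcp6`, which this example does not read.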



