Hi out there,
Just recently, Slovak and Czech researchers have found a very serious flaw in Infineon's crypto library which generated crippled RSA key pairs back since 2012. These key pairs allow the private part to be calculated from the public part in a very short term. Find the details on the ROCA (Return of Coppersmith's attack) in this article.
Is 1Password eligible to this flaw?
The paper giving the details of the flaw will be published on November, 2nd. So there is some time left to react, at least with respect to currently used keys. This is not the case with respect of formerly stored vaults, e.g. on a Dropbox. These vaults might be completely exposed to this attack without any chance to counter-act. There's only one chance in a situation like this: Change all your passwords prior to November, 2nd.
Please take this serious since it is one of the worst scenarios thinkable with respect to RSA cryptography.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided