TWIT 909: So Many Beans

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Hi @Leo , I think you misunderstood Doc Rock, when he was talking about 1Password.

When you set up 1Password, it generates a random string, which is your secret, then you create the master password. You need both to decrypt your safe. In addition, you can add a 2FA Authenticator or Yubikey to log on and get your safe. But, when you set up a new device, you need the username, password and 2FA, plus the secret, in order to access your account and set up the safe on the device.

If the encrypted blob is stolen, like they were at LastPass, they still need the secret and the master password to decrypt it. Obviously, if they have the blob, they don’t need the 2FA to access the 1Password servers.


Bubble and Squeak is traditionally left over potatoes and vegetables from the previous meal/previous day. Usually after the Sunday roast, you would have Bubble and Squeak on a Monday. The potatoes are mashed down and the vegetables cut into small pieces and made into patties and placed in the frying pan.

As cabbage of some sort was usually left over, it is associated with cabbage - in our family, it was usually cabbage or Brussels’ sprouts, but sometimes carrots or broccoli.

It gets its name from the way that the vegatables bubble and make squeaking noises in the frying pan - you only use a little amount of oil or fat, you don’t swamp the whole pan in oil.


Seconding this point… Doc Rock was completely correct initially, even with a stolen vault you still need the combination of secret key and master password to be able to unlock it. According to 1Password, “It has 128 bits of entropy, making it infeasible to guess no matter how much money or computing power an attacker has available.”.

1Password has a great white paper on how this all works.