By reading this and other discussions on this forum, I’m also a bit worried about the possibilities of brute-force attacks on a container in the cloud. Computational power is available to people needing it. And for weak passwords, less power is required.
There were just recently similar discussions around similar technologies for password managers like LastPass (got hacked) and 1Password. I’m no security expert, but from my understanding following those discussions, the difference between both implementations was exactly this: 1Password combines a possibly weak user password (because you wanted to keep it simple by design) with a random additional key to be stored separately by the user (or in their cloud). It is now seen as much more secure than LastPass, which is open to brute-force attacks on their offline containers.
Why does the 1Password architecture seem like a good approach? Users have to enter their passphrase, which gets combined with the really-random-long security key as a second factor stored in e.g. Keychain or their cloud server, making up the real thing, so the possibility of a weak password is 0.
Me too: I’d like to have a container which is not vulnerable to brute-force attacks of any kind and has protection against user errors. And one of the biggest weaknesses is the user.
One could leverage the concept from 1Password with Cryptomator. It seems it has been proven for years now.
But maybe I’m completely on the wrong track in trying to understand the technology.
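
The idea described in the post above, a memorised password combined with a random key that never leaves the user's devices, sketched as an added example that is not part of the original post and is not 1Password's or Cryptomator's code. The function names, the `container-key-v1` label, the key-check value and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_container_key(password, secret_key, salt, iterations=PBKDF2_ITERATIONS):
    """Combine a memorised password with a random device-held secret key."""
    # Slow stretch of the (possibly weak) password.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Expand the high-entropy secret key to the same length (hypothetical label).
    expanded = hkdf_sha256(secret_key, salt, b"container-key-v1")
    # XOR: the result is only reproducible with BOTH inputs.
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def key_check_value(container_key: bytes) -> bytes:
    """Value stored with the container so a correct key can be recognised."""
    return hmac.new(container_key, b"key-check", hashlib.sha256).digest()


def unlocks(password, secret_key, salt, stored_check, iterations=PBKDF2_ITERATIONS):
    """True only if password and secret key together reproduce the stored check."""
    candidate = derive_container_key(password, secret_key, salt, iterations)
    return hmac.compare_digest(key_check_value(candidate), stored_check)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)        # stored in the cloud with the container
    secret_key = secrets.token_bytes(16)  # 128 random bits, never uploaded
    check = key_check_value(derive_container_key("hunter2", secret_key, salt))
    print("owner, both secrets:      ", unlocks("hunter2", secret_key, salt, check))
    # A copy of the cloud data alone gives no way to confirm a password guess.
    print("right password, wrong key:", unlocks("hunter2", bytes(16), salt, check))
```

Because the secret key contributes 128 random bits, the cost of guessing against a stolen copy of the container no longer depends on how weak the password is; the trade-off is that losing the secret key locks the owner out as well.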