I kinda think they’re overselling the importance of the Secret Key…in the end it’s just a second password that is needed in order to break into your vault…and they pooh-pooh (for instance) the password for say Dropbox if that’s where you store your v7 or earlier vault because theirs is so much better…but in the long run it’s just used to increase the entropy in your encryption and hence the cracking time…and a long password with the full 95 character alphabet provides a very long cracking time anyway so doubling or whatever that very long time doesn’t mean much.
The main reason for the Secret Key…or the fingerprint phrase or whatever in other managers…is to protect against crappy master passwords by adding essentially another long password that forces the bad guys into either moving on to another target or resorting to brute force attack…and practically none of us are worth that kind of expense.
It is true that Amazon and others sell computer time pretty cheaply…but a quick look at Steve Gibson’s haystack size page shows that long pretty quickly gets you into 10s of thousands to millions of centuries and while Moore’s Law still applies and computers will always get faster…it would take many orders of magnitude of improvement in computer capability to make a difference in that very long time…and even when those orders of magnitude eventually happen I’ll be dead and gone, still won’t be worth the effort, likely those orders of magnitude won’t be easily/cheaply available for even longer after they’re invented, and one can always just choose an even longer password to change the master password to.
I’m not knocking the Secret Key at all…it’s a good idea but they’re overselling it as the be all and end all in security enhancement that only they have.
Nonetheless…I’m still using v7 and will continue to do so until it breaks…and then I’ll evaluate v8 once again to see if it adequately fixes the critical flaws that v8 currently has…otherwise I will just move on. I’ve had a relatively long email discussion with their support folks regarding testing of v8…and their minds are made up it seems to me…they’ve made decisions as a company that I can’t fault them in making because they do exist to make a profit…but some of their decisions are not in the best interests of their users but in the best interests of the company and its VC investors.