I admit that I did not realize possible scenarios could be missed, but I figured 1Password - being a password storage and management tool - would have performed at least most of them. If it was truly missing a small number of situations where passwords could be stolen by accessing backups or stealing decryption keys from a backup on a known network, that should be relatively easy to find.
In this post, I attempted to provide details of why 1Password likely did not (as implicity suggested by some) do all the hard work and write all the code for this even though the resources available to it may be available even to those whose resume is limited to teaching grade school.
However, I feel strongly that the reaction by 1Password to this situation and public discussion involving this particular issue, in public discussion, has been swift, kind, productive and productive.
So I'd like to say thanks to those members of the 1Password community that have taken the time to speak up in this situation and to clarify the discussion, and to apologize for the way the development team and I have handled the discussion with the user base.
This is not a reflection of the workmanship or professionalism, or even my own, as a member of the 1Password community. I've never tried to cover up the issues we've had in the past, or tried to prevent discussion of them. Indeed, I've actually tried to be very transparent and open about my own mistakes and missteps over the last few years.
So while I want to apologize and applaud the community for coming together, and for helping us to identify and fix the issues, I also want to be honest about when I was wrong and when we chose the wrong path. And I wanted to reassure you that we have heard you and that I apologize for how we have handled this.
In order to get the bootloader to accept the ROM one first needs to reset the push register in order to enable the boot loader again. This takes a permanent storage volume, so it won't exist on a user memory card and thus will not be lost when iTunes resets the device. To reset push register: d2c66b5586