Agilebits 1Password support and Design Flaw?

[epixoip]

no, that's only half the issue.

the other half of the issue is that 2 blocks of hmac-sha1 are required to generate 320 bits, but only 1 block is required to validate the password. defenders have to do n*2 iterations to derive, attackers only have to do n iterations to validate.