i think the question was really about security of the server not the protocol or client use. can anyone with access to the secstore files on the secstore machine, specifically its administrator, do a dictionary attack on those files?
yes. if i log in to my secstore as the owner of the secstore files, i can see the file factotum, and run auth/aescbc -d to decrypt it. of course, i know my own password in this case, but that answers the question about the file. it just emphasises the general importance of choosing (or generating) good encryptiono keys. of course, since the server just stores files as provided by the client, there is nothing to stop the client making the scheme more elaborate than currently is done for the file `factotum', and the client could easily use a fancy scheme to generate and recover a `password', since it never leaves the client. in short, the security is ultimately limited by client choice, and that choice is not itself limited by the server or protocol.
