
jmpalermo t1_j81z2rv wrote

The data stolen was encrypted. LastPass doesn’t ever have unencrypted passwords. However, the encryption is only as strong as your master password.

35

PMs_You_Stuff t1_j82uslf wrote

So, my 16+ digit alphanumeric password is safe?

15

jmpalermo t1_j82v4yx wrote

If that is your master password, yes. If that was a stored password and your master password was “Password1!” like mine was, then you need to rotate all the stored passwords.

21

steven4297 t1_j85u4zv wrote

I use a simple phrase and convert it using base64encode.org

So say I type "I love pizza!"

It returns "SSBsb3ZlIHBpenphIQ=="

Best way I've found to make passwords

5

jmpalermo t1_j85w796 wrote

https://xkcd.com/936/

Just a phrase itself is a really good password

6

thirdender t1_j85zxsq wrote

Is it bad that I know exactly which xkcd that is without checking?

9

csallert t1_j88kc3u wrote

That one and “little Bobby tables” have well defined use cases

2

cryptosupercar t1_j839wmc wrote

Do a quick check. Every year produces faster processors and gpus

2

FreeWildbahn t1_j83qro8 wrote

Did you calculate the number of combinations? 62^16 is 4.7 * 10^28 combinations. This will hold for a veeeery long time.

4

Dominicus1165 t1_j83t9mx wrote

As long as the password is not vulnerable to a rainbow table attack

3

FreeWildbahn t1_j84wf1x wrote

For a rainbow table attack you need a hash like the passwd file on linux systems. But we are talking about cracking a password safe.

4

jmpalermo t1_j85whp1 wrote

Any responsible site will salt the password before hashing it which makes rainbow table attacks worthless. Not every site is responsible though…

4

sopwath t1_j87biaq wrote

That’s not what a rainbow table is. Also, rainbow tables are defeated by salting.

2

Dominicus1165 t1_j87obtb wrote

Yeah I know. I meant a dictionary attack… with the dictionary provided by the user and only the correct websites to be found.

1

Toasty27 t1_j881vl9 wrote

Rainbow tables are easily thwarted by salting passwords before hashing. Most systems do this nowadays. Pretty sure LP also does this.

1

guatemaleco t1_j84e7xv wrote

16 characters seems low unless it’s a randomly generated password. PBKDF2 iterations would also matter a lot here. The most determining factor is probably how likely of a target are you? Are you likely worth the compute time?

1

[deleted] t1_j84lawy wrote

[deleted]

0

belteshazzar_der t1_j85klag wrote

This is incorrect. They stole the password vaults themselves, so if they crack your master password they'll get access to all of your passwords. Doesn't matter if you have 2FA on. This is one of the main reasons why this breach was so bad.

10

guatemaleco t1_j8gt399 wrote

Yea, 2FA is not used in encryption at all. It's only part of authentication to retrieve the encrypted vault. Since the vaults were already stolen, 2FA is meaningless here.

1

nlgenesis t1_j83tdn5 wrote

If you read the article, you will read that, while the passwords were encrypted, a lot of other stolen data (usernames, websites, other data) was stored unencrypted.

4

guatemaleco t1_j84dahy wrote

Usernames WERE encrypted.

0

spsteve t1_j85qm3y wrote

I have heard both options from reputable sources. Normally I would trust the company statements, but given their handling of this I trust NOTHING that touched them.

2

schussboomer t1_j86n943 wrote

Username, password, and password notes are encrypted. The website URL is only hex encoded so it might as well have been in plain text. In other words, hackers know which websites you have passwords for (so beware of phishing attacks) but if you have a strong enough master password, they are still probably trying to crack your vault. You can see for yourself what is encrypted by downloading your encrypted vault - this was a good article which helped me figure that out: https://palant.info/2022/12/24/what-data-does-lastpass-encrypt/

At any rate, going forward, 1Password seems to be a better choice because of the additional secret key required to unlock the vault.

In the end, there is no substitute for a good, strong master password.

3

ISLITASHEET t1_j86o22x wrote

The same vault that is stored server side should be what is available locally. Older vaults may be different, so your mileage may vary.

I know that I examined my local vault and fields that were associated with a credential were encrypted, but names and URLs were not. Some URLs were stored with a token in them. Regardless of that fact, I cycled all of my credentials as I migrated to another provider.

1

spsteve t1_j875o99 wrote

As I understand it a lot depends on when you started using the service, including the number of rounds used on the master password.

1

guatemaleco t1_j89nwz6 wrote

I wasn't basing that on statements from LastPass. I just presented on this at work and as part of preparing the presentation, we analyzed LastPass, Bitwarden and 1Password vaults as they are synced to their respective services. Palant's blog was certainly one of the sources we used in putting together the analysis.

Some interesting takeaways are that Shared Folders and Federated authentication offered some additional security. 2FA is completely meaningless in this situation as nothing from 2FA is used as part of the encryption key derivation.

As you also mentioned, age of the account made some differences (though not in username encrypted or not). Default iterations being a big one, and AES-CBC vs AES-ECB, which would certainly make usernames more easily determined.

1

mrDragon616 t1_j85fdig wrote

Wouldn't that be the same as a hashed password? Or wouldn't it be better if everything was hashed as opposed to it being encrypted by its master password?

2

jmpalermo t1_j85g5cn wrote

Hashed passwords are only useful for verifying somebody has the password. So if you are a website, you store only a user's password hash, then when they try to sign in, you hash the password they’re logging in with to verify it matches.

You can’t reverse a hash back into the original password though.

So for you to be able to retrieve your passwords from LastPass, the password must be stored, not just the hash.

1

blackenedEDGE t1_j870qic wrote

While true, LastPass derives the encryption key from your master password using an algorithm called PBKDF2. There are guidelines for how many iterations of the PBKDF2 you're supposed to use--on the client side, server-side iterations are mostly irrelevant in regards to overall security. LastPass failed to follow these guidelines and failed to guarantee those who had vaults prior to each increase in the recommended iterations--or at least whenever LastPass actually increased the number by default for new vaults--were encouraged to login asap and re-encrypt their vault with a key using the new default number of iterations to derive the key from their master password.

The current guidelines--which LastPass was informed of by OWASP--are to use at least 600,000 iterations. Only after being breached did they increase it...but only to the previous recommended number, 310,000. However, as of the breach that saw vault backups stolen, there were still some vaults that had less than 310K, even as low as 1 for a few people who've been customers for a long time.

2
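A worked version of the iteration-count argument in the comment above, together with the 62^16 keyspace estimate earlier in the thread, as an added example that is not part of the original thread or LastPass's code; the 1e10 HMAC/s rate and the salt are constructed assumptions.

```python
"""Offline work factor for a stolen vault: keyspace x PBKDF2 iterations.

Added example, not LastPass's code. It checks the thread's 62^16 keyspace
estimate and shows why the PBKDF2 iteration count (1, 310,000 or the OWASP
600,000 figure quoted above) multiplies the cost of every master-password
guess once the attacker already holds the encrypted vault. The HMAC rate
used below is a constructed assumption, not a benchmark.
"""
import hashlib
import math

OWASP_PBKDF2_SHA256_MIN = 600_000    # current minimum quoted in the thread
LASTPASS_PREVIOUS_DEFAULT = 310_000  # previous default quoted in the thread


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit vault key with PBKDF2-HMAC-SHA256 from the stdlib."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def keyspace_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password (62^16 -> ~95.3 bits)."""
    return length * math.log2(charset_size)


def expected_years(charset_size: int, length: int, iterations: int,
                   hmac_per_second: float) -> float:
    """Expected years to find a random password (half the keyspace on average).

    Each guess costs `iterations` HMAC-SHA256 calls, so going from 1 to
    600,000 iterations makes every guess 600,000 times more expensive.
    """
    guesses = charset_size ** length / 2
    return guesses * iterations / hmac_per_second / (365.25 * 24 * 3600)


def meets_guideline(iterations: int, minimum: int = OWASP_PBKDF2_SHA256_MIN) -> bool:
    """Flag a vault whose iteration count is below the guideline quoted above."""
    return iterations >= minimum


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"  # constructed; real vaults use a per-user salt
    for iters in (1, LASTPASS_PREVIOUS_DEFAULT, OWASP_PBKDF2_SHA256_MIN):
        key = derive_vault_key("correct horse battery staple", salt, iters)
        print(iters, key.hex()[:16], meets_guideline(iters),
              f"{expected_years(62, 16, iters, 1e10):.2e} years")
```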

SatisfactionAny20 t1_j878cc0 wrote

It's not as straightforward as that; as it turns out, LastPass doesn't encrypt everything. The hackers managed to steal customers' unencrypted email addresses, and the list of websites that the customer has passwords for. Maybe even billing addresses.

2

LeoBeMe t1_j86nav6 wrote

The vault backups are what was breached, which is even worse.

1

EntertainerOrk t1_j83vbsq wrote

Terrific, so instead of having to crack a dozen different passwords for your different accounts, they have to crack one and they got them all. The modern equivalent of using the same password for every account. Top notch, guys.

−1

Distracted-Tinkerer t1_j84zxwy wrote

This is why you use a strong master password. Tip: 25+ character passphrase with at least one capital letter, number and special char is S-tier. Also pretty easy to remember.

4