Matthew GreenDec 23, 2022
Password people: what is the “guesses/sec” on a LastPass password vault? At both 5000 and 100,100 iterations PBKDF-SHA2 using the hardware of your choice.
Show threadraynor🌲 (not verified)

@matthew_d_green This answers the 100,100 pretty well

https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/

LastPass has been breached: What now?

You should be very concerned about the LastPass breach. Depending on who you are, now might be the right time to change your passwords.

Almost Secure
Dec 23, 2022 at 5:28pmWeb
Show threadWladimir PalantDec 23, 2022

@raynor @matthew_d_green Yes, judging by https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb422222fd it will be 1,771 kH/s and 88 kH/s respectively on RTX 4090. The latter isn’t great, but the former is absolutely horrible.

I didn’t realize until today that LastPass failed to upgrade accounts from 5,000 to 100,100 iterations. They’ve had almost five years for that.

Hashcat v6.2.6 benchmark on the Nvidia RTX 4090

Hashcat v6.2.6 benchmark on the Nvidia RTX 4090. GitHub Gist: instantly share code, notes, and snippets.

Gist