While you should stop using LastPass in favor of a better password manager soon, I think it's important to keep a few things in perspective:

1. This isn't your fault. LastPass fucked up. It was reasonable to trust them, and they betrayed your trust. (Infosec folks: Do not shame people for not knowing this. If we knew and they didn't, that's on us. We should have communicated this better.)

2. You are still in a way better position, having used a password manager, than you would have been if you just reused passwords or used some predictable scheme for them. This is NOT some kind of proof that password managers (even cloud password managers) are inherently a bad idea. The alternatives are worse.

3. Your passwords are now almost certainly crackable, particularly if you've had an account for a long time. It looks like LastPass has never upgraded the difficulty factor on their KDF, which is very bad. But "crackable" is not the same as "cracked". It is eminently possible to crack a password in a couple of days, but *each* password is going to take at least a few hours on some very high-end hardware; attackers will need to be motivated.

4. Don't panic. Find your highest-priority passwords, reset a few (the top 10, let's say) with your new password manager. But then, set a recurring task for yourself to reset 1 password every few days. Maybe for the short term make it 1 every day. But don't freak out and ruin your holiday resetting hundreds of passwords. It takes a distressing amount of time, and unless you're a really high-value target you're not going to be first on the list to get hacked.

5. Panic a *little* bit. Right now, today, you're at relatively low risk of having all your accounts compromised. In 6 months, you're going to be at very high risk. The data's out there, and attackers will be sifting through it. Take that recurring task seriously. Stick to it, and keep rotating credentials. Once you're through the backlog of this pile of LastPass stuff, keep doing it as basic infosec hygiene. Passwords should not last forever.
@glyph That's why you should trust only open source software for these kinds of things.
@astroboy @glyph you mean open source never has vulnerabilities?
Yeah, right.
Try this means do your own research and find what fits your risk level.
@siliconshecky @glyph Good point, but open source has fewer security vulnerabilities in general. And also, I wouldn't trust my passwords to a closed source app.
@astroboy @siliconshecky @glyph "many eyes make bugs shallow" didn't always work out too well for some projects (looking at you, CVE-2014-0160 "heartbleed" ) -- just saying.
@astroboy @glyph @protolulz thing is there is rarely many eyes, and almost always never as many as one thinks.
The many eyes tend to go to bug bounty programs, which tend to be for closed source. ;)
@siliconshecky @astroboy @protolulz it works when the units are the same. many hypothetical eyes makes all hypothetical bugs shallow ;-)

@siliconshecky @glyph @astroboy Those who actively researched the hypothesis “open source has fewer vulnerabilities” have not found evidence to support the proposition.

If you have contrary sources (other than decades of proof by repeated assertion), please share.

https://epub.uni-regensburg.de/21250/1/CACM_-_Is_open_source_security_a_myth.pdf

@siliconshecky @astroboy @glyph I don’t think that most users can do their own research. And I told many not to use LastPass but too many newspaper columnists were recommending it.
@xchatty @siliconshecky @astroboy unironically whenever anyone says “do your own research” it’s an indication that the social institution whose job it is to manage that issue and educate the public about it is failing. In this case, infosec writ large
@xchatty @siliconshecky @astroboy users are not qualified to do their own research *or* assess their own risk. If they *do* do their own research they’ll most likely just develop extremely misguided ideas about password entropy. Hell, *I’m* barely qualified to do that and I’ve got years of relevant technical experience.
@glyph @astroboy @xchatty calling them Users instead of people is the start of the problem, cause reality is you and I are “users” also.
Second, the majority of us talk down to them so why should they listen to us anyway?
You and I are not qualified to assess an individual's risk off the bat anyway, as we do not know them. They, on the other hand, evaluate their risk for almost everything on a daily basis. What they need is a resource they can trust and that will treat them like a person to ask questions of.
That is called doing their own research.
@siliconshecky @astroboy @xchatty most laypersons do not understand the basics of threat modeling and do not understand what questions to ask. But I will grant that there is a tremendous amount of unhelpful and snide condescension in the industry, and there’s not really any such thing as a trustworthy practitioner in infosec in the same way one can go get treated by a doctor, retain a lawyer, or be advised by a fiduciary.
@siliconshecky @astroboy @xchatty Like I could tell you “you should listen to your lawyer, don’t try to wing it in a courtroom” but who exactly *should* you listen to in infosec? The employees of the major corporations who built the product that you’re using? The author of a book on personal security? Some random dude on social media? (Hello)
@siliconshecky @astroboy @xchatty Probably yes, and on an individual level there are many such people in those roles who *are* worth listening to, but on an institutional level there are no safeguards to verify that those people are trustworthy or competent or that their interests are aligned with your own. Hence: institutional failure.
@astroboy @glyph 1password and Bitkeeper are almost certainly better at security and operational reliability of code and infrastructure than you are.
For the tiny minority for whom it’s not true, your time is WAY more valuable than the costs of those solutions, so as with reimplementing commercial SAML SSO sources of truth and MFA tools you should probably stick to that when paid to at work not your free time at home.
@glyph That's why I use a software called KeePass which is open source and works fantastic with Windows, Linux and even android phones
@caucho @glyph Yeah, I used KeePassX for many years. Good system but getting a little long in the tooth. Switched to BitWarden about a year ago and very happy with it.
https://bitwarden.com/
@glyph Given a list of alternatives, LastPass, 1Password, what evidence do we have to think that they all aren't clowns. Twitter SSO, run by clowns, LastPass, clowns, why should 1Password be any different? (my offline Keypass db, run by a clown). This is like "Buy your fraudulent stuff from reputable providers" If a technology isn't secure despite being run by clowns, what good is it? There are no companies not run by clowns.
@mistersql it’s different because it is different. Your argument here is “someone was incompetent, therefore, everyone is incompetent”. The evidence is the thoughtful analysis of other people working in information security. I’m not going to spend a bunch of time collating that evidence because this argument is *logically* incoherent, but you can see some of it in other replies to this thread
@glyph can you say a little more on why we should leave them going forward? Do you think their fixes are still lacking? This has me worried.

@glyph

suggestions for other password managers we can look at to use??
😎

@glyph I would also add - if you are going to reset passwords (be it 1/day or more), also enable 2fa on every site that allows it.

@glyph Yeah - tonight I changed:
banks
credit cards
taxes
motor vehicles
my main email account
and amazon

The rest can wait til tomorrow and tomorrow and tomorrow...

@glyph how crackable depends on the strength of your master password, but once that's done, they have it all. I used seven words of diceware so I should be okay but some people are in a different situation.

I think a bigger risk at this moment is phishing based on this.

@glyph I switched to Bitwarden quite a while ago. Probably should update my password though. #PasswordManagers #LastPass #Bitwarden

@glyph I appreciate your measured response to the incident in this thread. What do you mean by "your passwords are almost certainly crackable"? The way I understand the incident, this might be true if you used a weak master password, but if you had a high-quality master password it's computationally infeasible to get into your vault.

I'm asking this as someone who is migrating away from LastPass because of this incident, so don't take me for a LastPass apologist lol

@elpato stronger passwords definitely buy you some time, but hardware improvements and GPU parallelism take pbkdf2 cracking down into the realm of absolutely feasible on retail hardware at <10k iterations. Older lastpass accounts (including mine) are stuck at 5k and were never automatically upgraded. See for example this 10-year-old answer that already painted a pretty grim picture at the time (albeit for 1k iterations, not 5): https://stackoverflow.com/a/16279280
@glyph ah okay, fair enough! Sounds like newer accounts (and potentially federated accounts?) are a fair bit more secure since they use 100,100 iterations, according to the LastPass blog post:
@elpato Yes, kind of. Login URLs and usernames were stored fully unencrypted, so "secure" is perhaps a stretch, but they don't have all your passwords in that case. You can check your iteration count in the advanced settings. (Mine was 5k, as is that of everyone I know with an account more than a couple of years old.)

@glyph yeah I didn’t mean to imply things are totally cool if you have the higher iteration count (my personal and enterprise accounts both do). Phishing and credential stuffing attacks are for sure gonna happen. Not stoked that employee email addresses (for enterprise plans) also leaked.

Thanks for the discussion!

@elpato Glad I could help, it seems like I struck a nerve with this one. Good luck with all the credential rotation, happy holidays :)

@glyph Just to add a data point, mine says 100,100 and I’ve had my account for more than a decade.

Thank you so much for all this info, I def did not know how to interpret the emails I’ve gotten from them. Cheers!

@elpato @glyph

A sufficiently strong master password will not only buy you some time but make cracking it completely infeasible, even if LastPass were using PBKDF2 with *one* iteration. When I switched from LastPass to 1Password years ago, I changed my LastPass master password to a randomly generated, 32-character password and saved it in 1Password. Even though I still have data in my abandoned LastPass account, some of it possibly still valid, I’m not losing any sleep worrying about anyone cracking my password before the sun burns out.

Of course, most LastPass users aren’t going to use a master password with that much entropy, but to suggest that any master password anyone is using is almost certainly crackable is nowhere close to being true.

@glyph

"*each* password is going to take at least a few hours"

This reads to me like you're talking about individual passwords within a user's vault.

If the attackers are working through dictionaries, aren't they attacking the master password (in which case the whole vault is compromised at once)?

@chrismarget oh right, they’re all correlated, because it’s one key. Ugh, you’re right. I mean as an expected-value calculation across the whole population the point still stands, but yes.
@chrismarget wait no, I left it totally ambiguous here, let me pretend I meant “each master password”, there, now I’m retroactively correct

@glyph I happened to be looking at this a couple of days ago with @stephen0x2dfox. We thought it was interesting that master password key derivation uses the username as a salt.

Seems fine, I guess? The purpose of salt assumes attacker knowledge, so it's not a secret, and guaranteed unique that way.

It felt funny at first though.
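The cracking-cost argument running through this thread (the 5k vs. 100,100 iteration counts, the "crackable but not cracked" point, the seven-word diceware and 32-character master passwords, and the username-as-salt observation just above) is easy to put numbers on. The following is an added example, not code from the original thread and not LastPass's implementation. It models key derivation as PBKDF2-HMAC-SHA256 salted with the lowercased username, which is the shape the thread describes; the 32-byte output length, the assumed per-GPU SHA-256 throughput, and the sample wordlist are all assumptions or constructed data, and the "does this key open the vault?" check is replaced by comparing against the true key, since the example has no real vault ciphertext to decrypt.

```python
"""Why iteration count and master-password entropy decide whether a leaked vault is crackable.

Added example. The KDF shape (PBKDF2-HMAC-SHA256, username as salt) follows the thread's
description of LastPass; dklen, the GPU throughput figure and the wordlist are assumptions.
"""
import hashlib
import math
from typing import Iterable, Optional


def derive_vault_key(master_password: str, username: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 over the master password, salted with the lowercased username.

    The salt is public and unique per account; that is all a salt has to be. It stops a
    single precomputed table from covering every user, but does nothing against a
    per-account guess loop, which is the attack that matters here.
    Assumption: 32-byte (AES-256-sized) output.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        username.strip().lower().encode("utf-8"),
        iterations,
        dklen=32,
    )


def offline_dictionary_attack(
    candidates: Iterable[str], username: str, iterations: int, target_key: bytes
) -> Optional[str]:
    """Attacker model: the username leaked in plaintext and the attacker holds the vault.

    Each candidate costs one full PBKDF2 run, so the per-guess cost is set entirely by the
    iteration count. Stand-in check: compare against the true key instead of decrypting a
    known-structure vault field (constructed for the example; cost per guess is the same).
    """
    for candidate in candidates:
        if derive_vault_key(candidate, username, iterations) == target_key:
            return candidate
    return None


# Assumed ballpark SHA-256 throughput for one high-end consumer GPU, not a measurement.
SHA256_PER_SECOND_PER_GPU = 1e10


def guesses_per_second(iterations: int, gpus: int = 1,
                       sha256_rate: float = SHA256_PER_SECOND_PER_GPU) -> float:
    # With the HMAC inner/outer pads precomputed, each PBKDF2 iteration costs
    # two SHA-256 compressions, so a guess costs 2 * iterations hashes.
    return gpus * sha256_rate / (2 * iterations)


def expected_crack_seconds(entropy_bits: float, iterations: int, gpus: int = 1) -> float:
    # On average the right guess turns up halfway through the keyspace.
    return (2 ** (entropy_bits - 1)) / guesses_per_second(iterations, gpus)


def diceware_bits(words: int, wordlist_size: int = 7776) -> float:
    return words * math.log2(wordlist_size)


def random_string_bits(length: int, alphabet_size: int = 94) -> float:
    return length * math.log2(alphabet_size)


# Constructed wordlist standing in for a real cracking dictionary.
SAMPLE_WORDLIST = ["password", "123456", "letmein", "correcthorse", "Tr0ub4dor&3"]


def scenarios(gpus: int = 1):
    """Expected crack time (seconds) for the password strengths discussed in the thread."""
    table = []
    for label, bits in [
        ("~40-bit human-chosen password", 40.0),
        ("7 diceware words", diceware_bits(7)),
        ("32 random printable chars", random_string_bits(32)),
    ]:
        for iterations in (5_000, 100_100):
            table.append((label, iterations, expected_crack_seconds(bits, iterations, gpus)))
    return table


if __name__ == "__main__":
    target = derive_vault_key("letmein", "alice@example.com", 5_000)
    print("cracked:", offline_dictionary_attack(SAMPLE_WORDLIST, "alice@example.com", 5_000, target))
    for label, iterations, seconds in scenarios():
        print(f"{label:32s} {iterations:>7d} iters  {seconds / 86_400:.3e} days")
```

The two numbers to take from running it: raising the iteration count from 5,000 to 100,100 buys a flat 20x, which moves a weak master password from days to months but no further, while each extra diceware word multiplies the attacker's work by 7,776. That is why the thread can be right both that a 5k-iteration vault behind a human-chosen password is "almost certainly crackable" and that a 32-character random master password is safe at any iteration count.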

@glyph Is it as big of a deal to change a password on a site if you also have that account configured with MFA? I don't disagree with changing them but doesn't seem like it's an issue unless I'm overlooking something.
@glyph can you explain what that means please. if your master password is strong (=long) is it really crackable?