While you should stop using LastPass in favor of a better password manager soon, I think it's important to keep a few things in perspective:

1. This isn't your fault. LastPass fucked up. It was reasonable to trust them, and they betrayed your trust. (Infosec folks: Do not shame people for not knowing this. If we knew and they didn't, that's on us. We should have communicated this better.)

2. You are still in a way better position, having used a password manager, than you would have been if you just reused passwords or used some predictable scheme for them. This is NOT some kind of proof that password managers (even cloud password managers) are inherently a bad idea. The alternatives are worse.

3. Your passwords are now almost certainly crackable, particularly if you've had an account for a long time. It looks like LastPass has never upgraded the difficulty factor on their KDF, which is very bad. But "crackable" is not the same as "cracked". It is eminently possible to crack a password in a couple of days, but *each* password is going to take at least a few hours on some very high-end hardware; attackers will need to be motivated.

@glyph I appreciate your measured response to the incident in this thread. What do you mean by "your passwords are almost certainly crackable"? The way I understand the incident, this might be true if you used a weak master password, but if you had a high-quality master password it's computationally infeasible to get into your vault.

I'm asking this as someone who is migrating away from LastPass because of this incident, so don't take me for a LastPass apologist lol

@elpato stronger passwords definitely buy you some time, but hardware improvements and GPU parallelism take PBKDF2 cracking down into the realm of absolutely feasible on retail hardware at <10k iterations. Older LastPass accounts (including mine) are stuck at 5k and were never automatically upgraded. See for example this 10-year-old answer that already painted a pretty grim picture at the time (albeit for 1k iterations, not 5): https://stackoverflow.com/a/16279280
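To make the iteration-count point concrete, here is an added illustration (not part of the thread, and not LastPass's code): a textbook PBKDF2-HMAC-SHA-256 per RFC 8018 that counts the HMAC evaluations it performs, checked against Python's `hashlib.pbkdf2_hmac`, plus a helper that turns an assumed attacker throughput into worst-case time to exhaust a keyspace. The master password, the email-as-salt convention, the 26^8 keyspace and the 1e9 HMAC/s throughput are all constructed placeholders, not measurements.

```python
import hashlib
import hmac
import math

HLEN = 32  # SHA-256 digest length in bytes


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """Textbook PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA-256.

    Returns (derived_key, hmac_calls) so the work factor is visible: every
    candidate master password costs `iterations` HMAC evaluations per output
    block, and that linear cost is exactly what a higher iteration count buys.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    blocks = math.ceil(dklen / HLEN)
    out = b""
    calls = 0
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); T_i starts out equal to U_1
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        # U_j = PRF(P, U_{j-1}); T_i = U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return out[:dklen], calls


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bool:
    """Cross-check the hand-written KDF against hashlib's implementation."""
    ours, _ = pbkdf2_hmac_sha256(password, salt, iterations, dklen)
    return ours == hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


def seconds_to_exhaust(keyspace: int, iterations: int, hmac_per_second: float) -> float:
    """Worst-case time to try every candidate in `keyspace` against one vault.

    Each candidate costs `iterations` HMAC calls (one 32-byte block), so the
    attacker's bill grows linearly with the iteration count. `hmac_per_second`
    is whatever throughput you choose to assume for the attacker's hardware.
    """
    return keyspace * iterations / hmac_per_second


if __name__ == "__main__":
    # Constructed sample inputs, not real LastPass data.
    master = b"correct horse battery staple"
    salt = b"user@example.com"  # email-as-salt is an assumption made for this example
    for iters in (5_000, 100_100):
        key, calls = pbkdf2_hmac_sha256(master, salt, iters)
        assert matches_stdlib(master, salt, iters)
        print(f"{iters:>7} iterations -> {calls} HMAC calls, key {key.hex()[:16]}...")

    # Hypothetical attacker throughput: a constructed placeholder, not a benchmark.
    RATE = 1e9
    eight_lower = 26 ** 8  # keyspace of 8 random lowercase letters
    for iters in (5_000, 100_100):
        days = seconds_to_exhaust(eight_lower, iters, RATE) / 86_400
        print(f"{iters:>7} iterations: {days:,.1f} days to exhaust 26^8 at {RATE:.0e} HMAC/s")
```

The ratio between the two runs is the whole story: going from 5,000 to 100,100 iterations multiplies an attacker's cost per guess by a fixed 20.02x, no more and no less, which is why a strong master password (a large keyspace) still matters far more than the iteration count alone.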
@glyph ah okay, fair enough! Sounds like newer accounts (and potentially federated accounts?) are a fair bit more secure since they use 100,100 iterations, according to the LastPass blog post:

@elpato Yes, kind of. Login URLs and usernames were stored fully unencrypted, so "secure" is perhaps a stretch, but they don't have all your passwords in that case. You can check your iteration count in the advanced settings. (Mine was 5k, as is that of everyone I know with an account more than a couple of years old.)

@glyph yeah I didn’t mean to imply things are totally cool if you have the higher iteration count (my personal and enterprise accounts both do). Phishing and credential stuffing attacks are for sure gonna happen. Not stoked that employee email addresses (for enterprise plans) also leaked.

Thanks for the discussion!

@elpato Glad I could help, it seems like I struck a nerve with this one. Good luck with all the credential rotation, happy holidays :)