While you should stop using LastPass in favor of a better password manager soon, I think it's important to keep a few things in perspective:

1. This isn't your fault. LastPass fucked up. It was reasonable to trust them, and they betrayed your trust. (Infosec folks: Do not shame people for not knowing this. If we knew and they didn't, that's on us. We should have communicated this better.)

2. You are still in a way better position, having used a password manager, than you would have been if you just reused passwords or used some predictable scheme for them. This is NOT some kind of proof that password managers (even cloud password managers) are inherently a bad idea. The alternatives are worse.

3. Your passwords are now almost certainly crackable, particularly if you've had an account for a long time. It looks like LastPass has never upgraded the difficulty factor on their KDF, which is very bad. But "crackable" is not the same as "cracked". It is eminently possible to crack a password in a couple of days, but *each* password is going to take at least a few hours on some very high-end hardware; attackers will need to be motivated.

@glyph I appreciate your measured response to the incident in this thread. What do you mean by "your passwords are almost certainly crackable"? The way I understand the incident, this might be true if you used a weak master password, but if you had a high-quality master password it's computationally infeasible to get into your vault.

I'm asking this as someone who is migrating away from LastPass because of this incident, so don't take me for a LastPass apologist lol

@elpato stronger passwords definitely buy you some time, but hardware improvements and GPU parallelism take pbkdf2 cracking down into the realm of absolutely feasible on retail hardware at <10k iterations. Older lastpass accounts (including mine) are stuck at 5k and were never automatically upgraded. See for example this 10-year-old answer that already painted a pretty grim picture at the time (albeit for 1k iterations, not 5): https://stackoverflow.com/a/16279280

@elpato @glyph

A sufficiently strong master password will not only buy you some time but make cracking it completely infeasible, even if LastPass were using PBKDF2 with *one* iteration. When I switched from LastPass to 1Password years ago, I changed my LastPass master password to a randomly generated, 32-character password and saved it in 1Password. Even though I still have data in my abandoned LastPass account, some of it possibly still valid, I’m not losing any sleep worrying about anyone cracking my password before the sun burns out.

Of course, most LastPass users aren’t going to use a master password with that much entropy, but to suggest that any master password anyone is using is almost certainly crackable is nowhere close to being true.
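As an added example (not code posted by anyone in this thread), the Python below puts numbers on the two arguments above: how the PBKDF2 iteration count that @glyph describes scales an attacker's cost linearly, and why the entropy of a 32-character random master password makes that count almost irrelevant. The single-iteration guess rate, the salt and the "~40-bit" human-chosen scenario are constructed assumptions for illustration.

```python
import hashlib
import math

# Constructed single-iteration PBKDF2-HMAC-SHA256 guess rate for an attacker's
# GPU rig; an assumption for illustration, not a measured benchmark.
ASSUMED_RATE_AT_ONE_ITERATION = 1e10  # guesses per second


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256, the KDF a password manager runs over the master
    password; `iterations` is the difficulty factor the thread discusses."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_seconds_to_crack(bits: float, iterations: int,
                              rate: float = ASSUMED_RATE_AT_ONE_ITERATION) -> float:
    """Average exhaustive-search time. Every guess costs `iterations` rounds,
    so the work factor slows the attacker linearly, while each extra bit of
    entropy doubles the search; on average half the keyspace is tried."""
    guesses = 2.0 ** (bits - 1)
    guesses_per_second = rate / iterations
    return guesses / guesses_per_second


def describe(seconds: float) -> str:
    year = 365.25 * 86400
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < year:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / year:.3g} years"


if __name__ == "__main__":
    salt = b"constructed-16-byte-salt"
    # A higher count yields a different key, so raising it means
    # re-encrypting the vault under the new key, not just changing a setting.
    assert derive_vault_key("correct horse", salt, 5_000) != \
        derive_vault_key("correct horse", salt, 600_000)
    scenarios = [("~40-bit human-chosen password", 40.0),
                 ("32 random printable ASCII chars", entropy_bits(32, 94))]
    for label, bits in scenarios:
        for iters in (1, 5_000, 100_000, 600_000):
            t = expected_seconds_to_crack(bits, iters)
            print(f"{label:32s} {iters:>8,} iterations: {describe(t)}")
```

At 5,000 iterations the 40-bit scenario lands in the "couple of days" range from the first post, while the 32-character random password stays out of reach even at a single iteration.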