Jeremi M Gosney Dec 24, 2022

Many of you have been asking for my thoughts on the #LastPass breach, and I apologize that I'm a couple days late delivering.

Apart from all of the other commentary out there, here's what you need to know from a #password cracker's perspective!

Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256 (can be configured to use more rounds, but most people don't). #PBKDF2 is the minimum acceptable standard in key derivation functions (KDFs); it is compute-hard only and fits entirely within registers, so it is highly amenable to acceleration. However, it is the only #KDF that is FIPS/NIST approved, so it's the best (or only) KDF available to many applications. So while there are LOTS of things wrong with LastPass, key derivation isn't necessarily one of them.

Using #Hashcat with the top-of-the-line RTX 4090, you can crack PBKDF2-HMAC-SHA256 with 100,100 rounds at about 88 KH/s. At this speed an attacker could test ~7.6 billion passwords per day, which may sound like a lot, but it really isn't. By comparison, the same GPU can test Windows NT hashes at a rate of 288.5 GH/s, or ~25 quadrillion passwords per day. So while LastPass's hashing is nearly two orders of magnitude faster than the < 10 KH/s that I recommend, it's still more than 3 million times slower than cracking Windows/Active Directory passwords. In practice, it would take you about 3.25 hours to run through rockyou.txt + best64.rule, and a little under two months to exhaust rockyou.txt + rockyou-30000.rule.

Keep in mind these are the speeds for cracking a single vault; for an attacker to achieve this speed, they would have to single out your vault and dedicate their resources to cracking only your vault. If they're trying 1,000 vaults simultaneously, the speed would drop to just 88 H/s. With 1 million vaults, the speed drops to an abysmal 0.088 H/s, or 11.4 seconds to test just one password. Practically speaking, what this means is the attackers will target four groups of users:

1. users for which they have previously-compromised passwords (password reuse, credential stuffing)
2. users with laughably weak master passwords (think top20k)
3. users they can phish
4. high value targets (celebs, .gov, .mil, fortune 100)

If you are not in this list / you don't get phished, then it is highly unlikely your vault will be targeted. And due to the fairly expensive KDF, even passwords of moderate complexity should be safe.

I've seen several people recommend changing your master password as a mitigation for this breach. While changing your master password will help mitigate future breaches should you continue to use LastPass (you shouldn't), it does literally nothing to mitigate this current breach. The attacker has your vault, which was encrypted using a key derived from your master password. That's done, that's in the past. Changing your password will re-encrypt your vault with the new password, but of course it won't re-encrypt the copy of the vault the attacker has with your new password. That would be impossible unless you somehow had access to the attacker's copy of the vault, which if you do, please let me know?

A proper mitigation would be to migrate to #Bitwarden or #1Password, change the passwords for each of your accounts as you migrate over, and also review the MFA status of each of your accounts as well. The perfect way to spend your holiday vacation! Start the new year fresh with proper password hygiene.

For more password insights like this, give me a follow!

Show threadJoe OrtizDec 24, 2022

@epixoip How about encouraging folks to #KeePass instead, especially #KeePassXC?

It's free, open source, and offline most importantly while the user is in complete control of their data.

Show threadJeremi M Gosney Dec 24, 2022
@joe I don't like KeePass and I don't think it's a good solution for the average user. Sure, solid crypto, that's great. But it's obviously a password manager designed by crypto people and thus severely lacking in the UX department. A good password manager eliminates steps from your workflow and is transparent as possible.
Show threadDirk HohndelDec 24, 2022
@epixoip @joe
KeePass is So. Frigging. Painful.
Played with it and the UX is just not what I want to suggest to non-techies. And it’s even a bit much for me.
I really think the value of “easy, works on every device” outweighs the risk of using a cloud service ASSUMING that the cloud service is well run and not run by morons… the rumors that the Notes field in #FuckLastPass wasn’t encrypted scares the crap out of me…
Show threadCharles RoperDec 25, 2022
@dirkhh @epixoip @joe You don't like KeePass or KeePassXC? Quite different UX between the two. The latter is much improved over the former.
Show threadDirk HohndelDec 25, 2022

@charlesroper

The main issue that I couldn't make work with KeePassXC was multi device use. Also, the browser integration overall (on Mac) feels less smooth.
@epixoip @joe

Show threadCharles RoperDec 25, 2022
@dirkhh @epixoip @joe I've not had any problems with multi-device use. I use OneDrive to sync my database files. I use KeePassDX on Android and KeePass Touch on iOS - both work directly with OneDrive. Browser integration, yeah, having to link the extension to the app is an extra step, but after that it feels like any other password manager pretty much.
Show threadDirk Hohndel

@charlesroper
So now I need a cloud that I use on each device - and that I trust to hold the database file. Which kinda gets me to the same (or a worse) place than using #1Password, right?

I’ll admit that I haven’t found any cloud (OneDrive, GoogleDrive, DropBox, iCloud - which of course would exclude Android and Linux) that I trust enough for that. And of course I’m the weirdo who would want to be able to use this from macOS, iOS, Android, and Linux…

@epixoip @joe

Dec 25, 2022 at 5:36amWeb
Show threadCharles RoperDec 25, 2022
@dirkhh @epixoip @joe Yes, definitely tradeoffs. I just like the decentralised, portable nature of a kbdx file. I can use whatever cloud provider I want, or my own server, or none. I don't feel held hostage to any particular subscription service, which I am keen to avoid.
Show threadDirk HohndelDec 25, 2022

@charlesroper

That makes perfect sense to me.

I'm looking for something that's secure and convenient for myself and my family, including the ability to share the credentials for certain accounts (e.g., the EV charging network credits for one of the cars we all share)
@epixoip @joe

Show threadtehmaspDec 29, 2022
@charlesroper @dirkhh @epixoip @joe Similar solution I had yrs ago when TrueCrypt was all the rage. Just harder with a family to support in security. Didn’t know about extension for KPX. Have always used KPX for work where I never use cloud storage.
Show threadCharles RoperDec 29, 2022
@tehmasp @dirkhh @epixoip @joe To be clear, KeePassXC and KeePassX are different things. I’ve only used the former.
Show threadMark CrockerDec 25, 2022

@dirkhh @charlesroper @epixoip @joe I have a #SyncThing #Docker container running under #OpenMediaVault on a #RaspberryPi to keep my #KeePassXC data updated with any changes I make with #KeePassDX on one of my mobile devices. Of course, I also have an off site, offline backup too, but that's just a thumb drive.

I know it sounds like a lot, but this way I don't have to use some untrusted, closed source, proprietary, third party to host my data.

Show threadDirk HohndelDec 25, 2022

@mcrocker
I can admire the dedication and agree with the sentiment.
I'm also realistic enough to know that I wouldn't be able to make this work with low enough friction to replace something like #1password for myself and my family...

@charlesroper @epixoip @joe

Show threadCharles RoperDec 25, 2022

@dirkhh @mcrocker @epixoip @joe

Yes, I find using the cloud storage we already use as a family (we have a Microsoft 365 subscription, so everyone gets 1TB of space on OneDrive) to store and sync the database along with the built-in in sharing feature to be perfectly good. Ease of maintenance and portability is definitely a key consideration for me. I have limited time and attention! 😅

Show threadMark CrockerDec 25, 2022

@charlesroper @dirkhh @epixoip @joe excellent point. As much fun as geeky, hobbyist, do it yourself solutions are, they aren't practical for most people with busy, complicated lives.

So, when asked, I explain what I use, then say I've never used it, but #BitWarden seems to be the way to go for most folks.

Show threadblsDec 26, 2022
@dirkhh @charlesroper @epixoip @joe I was in the "don't trust the cloud with my important stuff" for years. After working with MSFT on some security-related projects and learning more about OneDrive, I now backup my stuff to a 1TB "user" in my MS365 subscription using the linux onedrive app. Much simpler to set up than syncthing, and doesn't require me to carry backup drives around. Tried that too, in the past, and sometimes I forgot, etc. Now, it's all automatic.