by bendoerr
3823 days ago
It sounds like with the new Emergency Access they are generating a key pair for the emergency contact, encrypting to the public key and escrowing the encrypted symmetric key for your vault data [1]. However LastPass also controls the private key... which seems counter to the marketing, e.g. LastPass should never have access to your symmetric key.

[1]: https://helpdesk.lastpass.com/emergency-access/

The "Emergency Contact" must be a LastPass user, so they already have a public/private keypair. Your vault is encrypted with their public key and, when the time comes, they're given access to your encrypted vault and are able to decrypt it using their own private key.
Sounds good, in theory, but I'm certainly no cryptography expert. Regardless, I'm not sure if I trust it/"them".
(It won't matter much for me, anyways. When they announced that LogMeIn had bought the company, I jumped ship and moved to 1Password.)
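
The key-escrow flow discussed in this thread, as an added example that is not part of either comment and is not LastPass's code: the vault key is wrapped to the emergency contact's public key, so custody of the matching private key decides who can read the vault. RSA-OAEP, AES-256-GCM and all function names are assumptions made for the illustration.

```javascript
// Added illustration. RSA-OAEP and AES-256-GCM are assumptions, not LastPass's documented scheme.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Owner: encrypt the vault under a random symmetric vault key.
function encryptVault(plaintext, vaultKey) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Contact: decrypt the vault once the vault key has been recovered.
function decryptVault(blob, vaultKey) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', vaultKey, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Owner: wrap the vault key to the emergency contact's public key.
function wrapKey(vaultKey, contactPublicKey) {
  return crypto.publicEncrypt({ key: contactPublicKey, ...OAEP }, vaultKey);
}

// Whoever holds the matching private key can unwrap; nobody else can.
function unwrapKey(wrappedKey, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
}

function demo() {
  const contact = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const outsider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const vaultKey = crypto.randomBytes(32);
  // The escrow record is everything the service has to store (constructed sample data).
  const escrow = {
    vault: encryptVault('constructed sample vault entry', vaultKey),
    wrappedKey: wrapKey(vaultKey, contact.publicKey),
  };
  const recovered = decryptVault(escrow.vault, unwrapKey(escrow.wrappedKey, contact.privateKey));
  let outsiderBlocked = false;
  try {
    unwrapKey(escrow.wrappedKey, outsider.privateKey);
  } catch (err) {
    outsiderBlocked = true; // OAEP decoding fails under the wrong private key
  }
  return { recovered, outsiderBlocked };
}
```

The escrow record alone reveals nothing; the question raised in the first comment is who, besides the contact, can obtain `contact.privateKey` in usable form.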