[SnacksOnAPlane]

I use LastPass, but I'm still fearful about it. It's such a rich target, and all a hacker would really have to do is to intercept when you put your decryption key in and send it off to their own server. Then they'd have access to all your accounts. They'd have to put that backdoor into the extension, but the point is, it's doable, and most people wouldn't have any way of knowing that it happened.

[mhurron]

LastPass doesn't have you send the master key to log in or decrypt, Decryption does not occur on their servers.

https://lastpass.com/support.php?cmd=showfaq&id=6926

"LastPass says they never receive my Master Password. Don’t I send it to the LastPass servers when I log in?

No, when you login to LastPass, two things are generated from your Master Password using our code discussed previously before anything is sent to the server: the password hash and the decryption key. This is all done locally.

    The password hash is sent to our servers to verify you. Once verified, we send back your encrypted Vault. We are only sent your hash, not your Master Password.
    The decryption key, which NEVER leaves your computer, is then used to decrypt your Vault once it comes back."

[tripzilch]

Well no they better not, obviously!

The point was "all a hacker would really have to do is to intercept when you put your decryption key in and send it off to their own server" (emphasis added).

However this is more about keeping the Lastpass software secure than it is about keeping the encrypted user vaults secure. The documentation you quoted really obscures this by use of the passive voice, casting the end-user somehow as an active agent deliberately doing all the encryption/hashing and sending, implying that they are in full control :) Try this on for a change:

"LastPass says they never receive my Master Password. Doesn't the LastPass Software send it to the LastPass servers when I log in?

No, when you login to LastPass, the LastPass Software generates two things when you give it your Master Password, before the LastPass Software sends anything to the server: the password hash and the decryption key. The LastPass Software does all this locally.

The LastPass Software sends your password hash to our servers to verify you. Once verified, our server sends back your encrypted Vault. The LastPass Software only sends your hash to our server, not your Master Password that you just entered into the LastPass Software.

The LastPass Software then uses this decryption key, which should NEVER leave your computer, to decrypt your Vault once it comes back."

-

The above is IMHO a much better way to word the same documentation, since it doesn't try to gloss over a rather important part of the attack surface. It's not really fair to on the one hand congratulate a user for being security-aware enough to use a password manager, but then ignore this part. Good security software documentation should proudly present the last few exposed parts of the attack surface, especially if they are minor ones, so that a user can assess the limits of their trust--there are always limits, no sense in pretending there aren't, and it's better to know them so that the user gets to decide what they're okay with.