by maibus2
2636 days ago
Your arguments are sound in theory. But not in practice (for LastPass, 1Password has a better design). For example, LastPass was deriving their encryption key with only 5k rounds of PBKDF-2 iteration (but used ~100k rounds to create their authentication hash)[1]. In LastPass's case, assuming the attacker has obtained a copy of the encrypted data, a smart attacker can ignore the authentication hash and just try encryption keys directly. 5k rounds of PBKDF-2 on a sub-$1,000 GPU is quite tractable to crack. Was it a trivial thing for LastPass to fix? Of course. But that's not the point - if an attacker got a copy of the data before you fixed it - it's too late.

[1] https://palant.de/2018/07/09/is-your-lastpass-data-really-sa...
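The asymmetry described in the comment above can be measured with a small audit model; this is an added example, not part of the comment and not LastPass code. Only the 5k and ~100k round counts come from the comment. The chaining of the authentication hash from the encryption key, the salt, and the HMAC tag standing in for the encrypted vault are assumptions.

```python
import hashlib
import hmac

ENC_KEY_ROUNDS = 5_000       # figure quoted in the comment
AUTH_HASH_ROUNDS = 100_000   # approximate figure quoted in the comment
VAULT = b"constructed vault blob"  # constructed stand-in for the encrypted data

class CountingKDF:
    """PBKDF2-HMAC-SHA256 that tallies how many rounds were spent."""

    def __init__(self):
        self.rounds = 0

    def __call__(self, secret, salt, rounds):
        self.rounds += rounds
        return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds)

def enroll(password, salt, enc_rounds, auth_rounds):
    """Build the two stored artifacts (assumed chaining: auth hash from enc key)."""
    kdf = CountingKDF()
    enc_key = kdf(password, salt, enc_rounds)
    return {
        "salt": salt,
        "vault_tag": hmac.new(enc_key, VAULT, "sha256").digest(),
        "auth_hash": kdf(enc_key, salt, auth_rounds),
    }

def check(record, password, artifact, enc_rounds, auth_rounds):
    """Confirm one password against one artifact; return (matched, rounds spent)."""
    kdf = CountingKDF()
    enc_key = kdf(password, record["salt"], enc_rounds)
    if artifact == "vault_tag":      # the auth-hash stage is never computed
        value = hmac.new(enc_key, VAULT, "sha256").digest()
    else:
        value = kdf(enc_key, record["salt"], auth_rounds)
    return hmac.compare_digest(value, record[artifact]), kdf.rounds

def audit(enc_rounds, auth_rounds):
    """Per-artifact cost of one check, plus the artifact that sets the real work factor."""
    rec = enroll(b"constructed-password", b"constructed-salt", enc_rounds, auth_rounds)
    costs = {a: check(rec, b"constructed-password", a, enc_rounds, auth_rounds)[1]
             for a in ("vault_tag", "auth_hash")}
    return costs, min(costs, key=costs.get)

if __name__ == "__main__":
    print(audit(ENC_KEY_ROUNDS, AUTH_HASH_ROUNDS))
```

In this model, raising only the authentication rounds leaves the vault path at 5,000 rounds per check; the encryption-key rounds are what set the floor.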