by chrisfosterelli 1637 days ago
This sort of scheme is common so that you do not have to share the encryption key with the provider. You derive two keys from your plaintext password: one used for authentication and one used for encrypting / decrypting the blob. This way, LastPass can authenticate you without having to see the key to decrypt your data.

Not sure of the specifics of how LastPass implements this, but this is a really common approach for end-to-end encrypted apps.

2 comments

I wouldn't say it's so you don't have to share the encryption key with your provider (you achieve that with a separate encryption key), but rather so you can use a single memorable secret for both login to the provider and local encryption.

As in, the idea is that it is used to save you from having two secrets which might be more or less easy/hard to remember.

It's a UX improvement (which might be a security improvement on average too).

Oh I see, so the master password is like a seed for multiple things: the password hash, but also e2e encrypting the passwords.

That makes complete sense, thank you for the answer.

No problem! If anyone is curious for more on this pattern, Firefox Sync had a great blog post breaking down their implementation: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/
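The two-key derivation described in the top post, as an added example that is not part of the thread and is not LastPass's or Firefox Sync's actual code. The iteration counts, the `example/...` labels and the use of the account name as salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 200_000  # assumed client-side work factor for this example
SERVER_ROUNDS = 100_000  # assumed server-side work factor for this example


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: one secret in, labelled keys out."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(password: str, account: str) -> tuple[bytes, bytes]:
    """Client side: stretch the password once, then split it into two keys.

    The PBKDF2 output is used directly as the HKDF pseudo-random key.
    Knowing auth_key does not reveal enc_key: each is an HMAC output
    under the stretched secret, which never leaves the client.
    """
    salt = account.strip().lower().encode()  # assumption: account name as salt
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, CLIENT_ROUNDS)
    auth_key = hkdf_expand(stretched, b"example/auth")    # sent to the provider
    enc_key = hkdf_expand(stretched, b"example/encrypt")  # stays on the device
    return auth_key, enc_key


def server_enroll(auth_key: bytes) -> tuple[bytes, bytes]:
    """Provider side: store only a salted hash of the authentication key."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_key, salt, SERVER_ROUNDS)


def server_verify(auth_key: bytes, record: tuple[bytes, bytes]) -> bool:
    """Provider side: constant-time check of a presented authentication key."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", auth_key, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)
```

The provider only ever handles `auth_key` and its hash; the encrypted blob is sealed with `enc_key` using an authenticated cipher on the client, which is outside what this block shows.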