[InspiredIdiot]

Can you explain how PAKE would help here? Going just off Wikipedia, it is a key-establishment protocol "based only on their knowledge of a shared password". So I would expect that the shared password is the master password or its hash and the parties are the user and the LP server. So wouldn't using PAKE require the server to know your master password or its hash? That sounds the same as before. Is the idea that they both know the hash only transiently (instead of the server knowing it persistently as it does today) and then establish some other key which they use after that?

[palant]

No, modern PAKE protocols work without the server actually knowing the password. The server has a “verifier” that lets them tell whether the client’s response to a given challenge is correct. I’m no expert on this topic but https://blog.cryptographyengineering.com/2018/10/19/lets-tal... is a good start.