Hacker News new | ask | show | jobs
by panarky 1270 days ago
Lastpass called storing URLs in plaintext their "Zero Knowledge Architecture".

"Zero Knowledge" should join "Full Self Driving" in the malicious marketing hall of fame.
4 comments
mace01 1270 days ago
"Zero knowledge means that no one has access to your master password or the data stored in your vault, except you. Not even LastPass."

That definitely cannot be true since they were storing URLs in vaults unencrypted. Seems like a class action lawsuit waiting to happen.

https://www.lastpass.com/security/zero-knowledge-security

link
zacharycohn 1270 days ago
> The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that *contains both unencrypted data, such as website URLs,* as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data

That's real bad - think blackmail material for important people.

link
intelVISA 1270 days ago
Sounds like it technically was Zero Knowledge Architecture in the non-cryptographic sense.
link
Dykam 1270 days ago
Which is a shame, because zero-knowledge actually can mean something. But it's yet another term with actual value hijacked for marketing.
link