Hacker News new | ask | show | jobs
by paulpauper 1270 days ago
AES CBC not broken, but it's likely LastPass implementation of AES was bad , such as bad RNG or other possible problems.
1 comments
rosnd 1270 days ago
Why do you think it is likely? That's a very strong claim.

> such as bad RNG

How could that be a problem? The attacker doesn't control your passwords. How would you exploit a known IV as an attacker in this context?

link
paulpauper 1270 days ago
there are many ways the encryption could have been implemented badly. a weak RNG is one
link
bbbbb5 1270 days ago
Do you actually know anything about this subject, or are you just speculating?
link
paulpauper 1270 days ago
faulty implementation of crpyto is not unheard of. it happens a lot.
link
bbbbb5 1270 days ago
Yes, but how exactly is the LastPass implementation faulty? In your other comment you claim to know that it is.
link