|
|
|
|
|
|
by rgrmrts
1271 days ago
|
|
|
I'm not a security expert or cryptographer so take with a grain a salt, but I've been trying to understand what flawed architectural decisions LastPass made, and based on the critiques I've seen by some security/cryptographer folks (on Twitter, mostly) it does seem that 1Password is less vulnerable. It seems the key derivation, number of rounds, and unencrypted metadata (e.g. the website associated with the credential) are factors that made LastPass more vulnerable. AFAICT, 1Password encrypts all metadata, their key derivation is stronger, and the use more rounds. Their security whitepaper [0] goes into a ton of detail. I'm more comfortable with my choice in 1Password (I previously used LastPass years ago, and need to rotate some old passwords that were still in LastPass). [0]: https://1passwordstatic.com/files/security/1password-white-p... |
|
|