LastPass breach: The significance of these password iterations (palant.info)
47 points by hjuutilainen 1266 days ago
6 comments

As I feared, I changed the iterations myself at some point, and they never "migrated" it to the new value. So it's above the old default, but well below the recommended number of iterations.

I don't suppose it being a non-obvious value makes it any more secure? Is an attacker brute forcing the thing likely to try obvious default values first and then give up if they don't work? Or will they simply +1 the iteration count until they hit paydirt?

Disclaimer: I’m the author of this article.

No, the iteration count is no secret. It’s even exposed via a public API, anyone can query it if they know the email address.

Well, balls. Thanks for confirming.

…why would you even do that?

The number of iterations is needed for login. The user enters their email address and password, and the app needs to know (before they actually log in) how many iterations to apply. There are approaches like the OPAQUE protocol which avoid having the iterations count in the open, but LastPass didn’t implement that. To their defense, OPAQUE is relatively new.

[1] makes it seem like the number of rounds is included unencrypted at least on the client side binary databases. As it's sent over the wire when downloading the vault, lastpass would _have_ to have that in clear text somewhere.

[1] https://github.com/cfbao/lastpass-vault-parser

For anyone else having trouble finding the “show advanced settings” button: It’s at the bottom of the account settings pop up where ok/cancel buttons usually are.

Interesting. This is starting to look like gross negligence that might bite LogMeIn really hard.

Can attackers easily tell the 1 and 500 iteration databases apart and focus their resources on breaching those ones?
Disclaimer: I’m the author of this article.

Yes. The number of iterations is presumably stored in the same customers database that they stole. Even if not: the number of iterations can be queried via a public API, anyone can do it if they know the email address.

>GTX 1080 Ti graphics card (cost factor: less than $1000) can be used to test 346,000 guesses per second.

>GeForce RTX 4090 graphics card could test more than 88,000 guesses per second!

Guessing we're missing a zero there?

Disclaimer: I’m the author of this article.

I don’t think so. 346,000 guesses four years ago was for the old default: 5,000 iterations. 88,000 guesses is on more powerful hardware but with the new default: 100,100 iterations.

Ah gotcha.
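Two points from the exchanges above are easy to check in code: the iteration count has to sit in the clear next to the vault because the client needs it before it can derive the key (so it is metadata, not a secret), and a quoted guess rate only means something together with the iteration count it was measured at. The following is an added Python example, not code from the article, the thread or LastPass; the record layout, the choice of the lower-cased e-mail as salt and all helper names are assumptions, while the iteration counts and guess rates are the ones quoted in the thread.

```python
import hashlib
import hmac

# Values quoted in the thread (the article's numbers, not measured here).
OLD_DEFAULT_ITERATIONS = 5_000      # old LastPass default
NEW_DEFAULT_ITERATIONS = 100_100    # current default
GTX_1080TI_GUESSES_PER_S = 346_000  # quoted for the old default
RTX_4090_GUESSES_PER_S = 88_000     # quoted for the new default
KEY_LEN = 32


def derive_key(email: str, password: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 over the master password, salted with the
    lower-cased e-mail (assumed layout). Nothing can be derived until
    `iterations` is known, which is why the count must be stored in the clear."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), email.lower().encode(), iterations, KEY_LEN
    )


def make_vault_record(email: str, password: str, iterations: int) -> dict:
    """Illustrative stored record: everything except `key` is public metadata,
    and an attacker holding a dump can sort records by `iterations`."""
    return {
        "email": email,
        "kdf": "pbkdf2-hmac-sha256",
        "iterations": iterations,  # cleartext by necessity
        "key": derive_key(email, password, iterations),
    }


def unlock(record: dict, password: str) -> bool:
    """Client-side unlock: re-derive with the stored count and compare in constant time."""
    candidate = derive_key(record["email"], password, record["iterations"])
    return hmac.compare_digest(record["key"], candidate)


def primitive_rate(guesses_per_second: float, iterations: int) -> float:
    """Underlying PBKDF2 rounds per second implied by a quoted guess rate.
    This is what makes two GPUs comparable across different iteration counts."""
    return guesses_per_second * iterations


def guesses_per_second_at(primitive_rounds_per_second: float, iterations: int) -> float:
    """Guess rate the same hardware would reach against a vault with `iterations`."""
    return primitive_rounds_per_second / iterations


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random password of the given entropy
    (on average half the space is searched)."""
    return (2 ** entropy_bits) / 2 / guesses_per_second


if __name__ == "__main__":
    # Constructed sample account; not real credentials.
    rec = make_vault_record("alice@example.com", "correct horse battery staple", OLD_DEFAULT_ITERATIONS)
    print("stored iteration count (cleartext):", rec["iterations"])
    print("unlock with right password:", unlock(rec, "correct horse battery staple"))
    print("unlock with wrong password:", unlock(rec, "Tr0ub4dor&3"))

    old = primitive_rate(GTX_1080TI_GUESSES_PER_S, OLD_DEFAULT_ITERATIONS)
    new = primitive_rate(RTX_4090_GUESSES_PER_S, NEW_DEFAULT_ITERATIONS)
    print(f"1080 Ti: {old:.3g} rounds/s, 4090: {new:.3g} rounds/s, ratio {new / old:.2f}x")
    # What the 4090 rate would look like against a vault still on the old default:
    print("4090 vs 5,000-iteration vault:", guesses_per_second_at(new, OLD_DEFAULT_ITERATIONS), "guesses/s")
    # Defender's view: days to exhaust a 40-bit password at each setting.
    for iters in (OLD_DEFAULT_ITERATIONS, NEW_DEFAULT_ITERATIONS):
        secs = expected_crack_seconds(40, guesses_per_second_at(new, iters))
        print(f"{iters:>7} iterations: ~{secs / 86400:.1f} days for a 40-bit password")
```

Running it shows the 88,000 figure is not a missing zero: normalised to PBKDF2 rounds per second, the 4090 number is roughly five times the 1080 Ti number, and the same card pointed at a vault still on 5,000 iterations would get back to well over a million guesses per second. The `make_vault_record` and `unlock` pair is the minimal illustration of why the count cannot be hidden without a different protocol (such as the OPAQUE approach mentioned above).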
The article is missing key data. The password iterations that are set low are client side. The server side is different.

The writer of the article needs to retract.

https://support.lastpass.com/help/about-password-iterations-...

Disclaimer: I’m the author of this article.

I’m not missing anything. It’s LastPass who finally need to retract this article. I proved back in 2018 that server-side iterations are misimplemented and have no security effect. That’s why they increased the client-side value in the first place. See https://palant.info/2018/07/09/is-your-lastpass-data-really-...