Slashdot Mirror
LastPass Reporting a Security Breach, Including Authentication Hashes and Salts
hawkeyeMI writes: LastPass, the popular password manager, has been hacked. The company says that the “vast majority” of users are safe, and has posted a notice which begins: "We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."
Who the fuck would think it's smart to use some web service like that, where some third party ends up with your passwords, even if they are encrypted in some way?
They're very handy for websites that have poor native security, as the passwords Lastpass generates are extremely tough. In a lot of cases, I'd rather trust Lastpass's security over that of a native website, and they have open sourced their client side decryption process as well (which has received several audits). I don't use it for anything I consider super sensitive (my bank account, for example), but it's pretty good for a lot of other applications.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
I'd like to take this time to recommend an excellent open source project called KeePassX.
https://www.keepassx.org/
It's a password vault application. Remember local applications, they run on your computer, that you physically have to be at to use(usually).
The Information Revolution will be fought on the command line.
I'm the submitter. I'm a LastPass user and I'll stay that way. If you actually read the article you'll see that things are under control. This is the second time LastPass has reported an attack that I can remember, and because of the client-side encryption and so on it's not a huge deal. Bravo to them for their proactive stance and sound methods.
Error 404 - Sig Not Found
Salting is nice, but when the attacker gets both the hash and the salt, they can attack specific users.
Of course they can. The entire purpose of salting is to make it so that the same password, hashed two different times, produces completely different hashes. This has two important consequences. First, it makes it basically impossible to precompute password hashes. That's a big deal compared to the "without salt" case, where rainbow tables make checking against precomputed hashes very easy. Second, if two users on a system have the same password, you can't tell without computation. Said another way, it means you need to crack passwords individually rather than in bulk. This isn't game-breaking, but it's significant when you have million-user breaches.
All of the typical ways of storing password hashes store the salt alongside it. It's expected that an attacker that obtains the hash will obtain the salt. It's within the design.
If you want the password hash separate from a piece of key password-validation data, at that point the extra piece of data is a secret and what you're basically making is a message authentication code. But, it's very difficult to argue that this is ever really more secure.
Still, the 100k rounds of SHA256 seem decent.
Would bcrypt be any better than PBKDF2 here?
100k rounds of SHA256 is decent. The longer SHA2 variants are better, sure. More rounds is always better, of course. 100k is better than what most people use. But, if the decryption is always happening client-side (which it should), then ideally you can afford and should use many more rounds of SHA1. Maybe if they're using JavaScript, that limits how high they can jack the number of rounds up and still get reasonable performance on low-end devices.
I don't know that bcrypt is necessarily much better than what they're doing. It may be, but at a "details" level, not a "major benefit" level. Both bcrypt and PBKDF2 support many rounds and prevent precomputation, which are major features.
What would be better, if the devices they want to support can run it, is something like scrypt, which is resistant to hardware acceleration and thus much harder to crack in practice.
I'm the submitter. I'm a LastPass user and I'll stay that way. If you actually read the article you'll see that things are under control.
This is the second time LastPass has reported an attack that I can remember, and because of the client-side encryption and so on it's not a huge deal. Bravo to them for their proactive stance and sound methods.
Not only that, but even if the encrypted vault were compromised along with the hashes/etc (allowing somebody to start brute-forcing them), I could easily use lastpass to identify all my accounts and the last change date for each. Since almost all my accounts use random passwords changing them all is a bit of a pain, but not too big a deal. I'm just replacing one random string of values with another. I could change all my accounts in a weekend and all the new passwords are synced across my devices.
Lastpass is extremely convenient and I don't know of many practical alternatives that are any more secure against the same threat models. Maybe a piece of paper in my pocket would be more secure against the remote attacks, but I don't really see that as a step up.
Who the fuck would think it's smart to use some web service like that, where some third party ends up with your passwords, even if they are encrypted in some way?
People who understand how LastPass security works.
LastPass security is actually quite good, and designed to be resilient against data breaches. The attackers haven't gotten any passwords. What they have gotten is hashes, salts, and hints which could lead to passwords, given enough time and computational power.
The clock started ticking as soon as the attackers obtained the data dump. As soon as I reset my master password, the clock stops ticking. Between those two events is the only window of time the attackers have to brute-force the hash or guess my password based on the hint. As soon as I change my master password as prompted by the LastPass email, they have nothing.
If you use 2-factor authentication with LastPass, like Google Auth, even if they crack your master password before you change it, they still have nothing.
Eagles may soar, but weasels don't get sucked into jet engines.
By centralizing all the passwords they are a prime target for infiltration. The hackers knew that by taking this one business they would potentially gain access to millions of websites. In a normal attack they have no idea if they will get good data, with LastPass they couldn't miss. That then makes them one of the most high profile targets on the internet and they'd need NSA level security to keep people out. I little internet company with world class security? I don't think so, even Google got hacked with a spear fishing attack.
I agree with the other posters, you'd have to be nuts to use LastPass for anything that was tied to financial transactions. And just even the secondary effects could be tremendous now that they have login information (depending on the number of websites the last pass information could give them all kinds of information out accounts and names/emails used making the hacking significantly easier).
In fact, when I wanted to demo about half a dozen dual-factor solutions for a colleague, I showed them all on my LastPass account.
To be honest, the idea that anybody who can see your credit card can take your money is not really security at all. Usually transactions require additional evidence - either the physical card, the PIN, the address, or the security code.
Store it on "the cloud"! Everything will be fine!
And guess what? If you used even the most basic security hygiene, especially with your LastPass master password, it still is.
And how else are you going to manage the hundreds of dozen-character long, unique, and complex passwords you want to use with each site?
with an offline tool, like keepass. Same functionality, only stored locally (or on your phone), not on the cloud.