• LastPass hacked, hashed/salted master passwords and password hints exposed
    74 replies, posted
[url]http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/[/url] [quote=Ars Technica]LastPass officials warned Monday that attackers have compromised servers that run the company's password management service and made off with cryptographically protected passwords and other sensitive user data. It was the second breach notification regarding the service in the past four years. In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post. It emphasized that there was no evidence the attackers were able to open cryptographically locked user vaults where plain-text passwords are stored. That's because the master passwords that unlock those vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to work. "We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."[/quote]
Damn this is pretty big regardless whether or not they were able to "open" the locked user vaults.
And people said I was paranoid for not trusting an online service with all my passwords.
Oh wow, that's crazy. I signed up for a LastPass account Saturday and almost started putting in my passwords before deciding it wasn't worth the hassle and deleting my account. Looks like I dodged a bit of a bullet there.
Not even going to change my passwords.
Uh oh, spaghettios. Guess it's lucky I run with KeePass, it's all local.
[QUOTE=The golden;47972451]Why would you even think that storing your passwords on a cloud service would be a good idea? We are in the golden age of digital information theft, why would ever think it would be a good idea? Why would you ever think that handing over your password security over to some online company would be a good idea? I seriously don't understand this. This is just more proof added to the pile of why you shouldn't ever put personal information on cloud services.[/QUOTE] Because of how strong cryptography works lol
[QUOTE=The golden;47972451]Why would you even think that storing your passwords on a cloud service would be a good idea? We are in the golden age of digital information theft, why would ever think it would be a good idea? Why would you ever think that handing over your password security over to some online company would be a good idea? I seriously don't understand this. This is just more proof added to the pile of why you shouldn't ever put personal information on cloud services.[/QUOTE] I just write them down.
[QUOTE=geel9;47972460]Because of how strong cryptography works lol[/QUOTE] Yeah and then someone 20 years from now decrypts the stolen data and steals all your info on an account you forgot about.
[QUOTE=meppers;47972507]Yeah and then someone 20 years from now decrypts the stolen data and steals all your info on an account you forgot about.[/QUOTE] I think accounts I don't use 20 years from now won't have any important stuff to steal.
I don't understand it either, but I don't use any of those services, so I don't question it.
[QUOTE=Rocket;47972241]I switched to KeePass like a year ago, mostly because I was afraid that they'd shut down or go only premium and I'd lose access to all my passwords. If you put your database on Dropbox or something and give it a strong password you can remember, there's addons for Chrome and apps for Android that work exactly the same as LastPass but with more security.[/QUOTE] Technically speaking you'd be giving Dropbox about as much data as was leaked here with that method (if you store a password hint too, which is probably the larger issue). An OSS alternative that doesn't give anything like that to anyone else would be [URL="https://syncthing.net/"]Syncthing[/URL]. [URL="http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/"]BTSync is out because it leaks private keys to the operators.[/URL] [editline]second edit[/editline] The main damage from this will be for forgotten accounts where LastPass can't force the users to change their password (and can't delete them quickly either), and where a weak password hint is available.
I'm confident enough in the technology used that I'm not concerned. [quote]So the way this works is, the reason I'm using it, is I now understand how it works and why it's absolutely trustable, is that very much like Jungle Disk, which we've talked about in the past, all the encryption is done locally. That is, at no point does LastPass receive anything other than what looks like a block of pseudorandom noise. We've talked about how, when you take so-called plaintext, the normal readable, human readable, your username as an email address and your actual password, and you encrypt it with a good cipher, it turns it into, under the influence of a key, which is the key to the whole process, under the influence of the key, it turns it into noise, absolute pseudorandom bits that mean nothing. So that's what the LastPass system gets and saves. It is absolutely no use to anyone because they never get the key. And they've gone to great lengths to arrange never to get the key. When you log into their system, you do so with your username, which is your email address, and your password. That's put together, it's concatenated into one long string. They sanitize the username a little bit. They lowercase it, and they remove the so-called white space, you know, spaces and things. That just makes it a little more robust. The password they don't change at all. So that remains case-sensitive, and special characters and things can be in there. They leave that alone. But, for example, email addresses are not case sensitive. You can change the case in an email address. And so since they're using their email address, people's email addresses as their password, users might not be careful about the case in their email addresses, so they make that case-insensitive. They always lowercase the email address ASCII characters, the alphabetic characters. So they put all this together into one blob. Then they do something called a "hash." They use SHA-256, which is a - SHA stands for Secure Hashing Algorithm. The listeners that have been listening to the podcast for years know what that means. For people new to this, a hash is what's called a one-way function. You can take any amount of text or anything, binary data, anything, any amount of data, and run it through this process called "hashing," which always results in a fixed-size thing, sort of a fixed-size token. And what's unique about this is it is "computationally infeasible," is the technical jargon that cryptographers use, to go the other direction. That is, it's very easy to put stuff into this - think of it like sort of as a meat grinder. But it's impossible to ungrind the meat. It's been ground up. It's been completely - it's been turned into this 256-bit result such that anything you change in the input changes everything about the bits in the output. Yet anybody, no matter how much they want to, no matter how much they look at it, they can't go the other direction. So the idea is that when you log in, when you give your system your LastPass username and password, the first thing it does is it runs it through this SHA - it lowercases the email address, removes the white space, adds the password, and then it does this hash to it, turning it into a 256-bit blob which tells the blob holder nothing about your username and password. It's just like it's been digested into this thing. In fact, hashes are called "digests," also, for that reason. What that is, is that is your cryptographic key. That's the key which your system will use, both to encrypt your data which is being shared with LastPass Corporate, and also to decrypt it when LastPass Corporate sends this back to you. They're holding the encrypted results of your own personal database, just because that's what they do. That's the service they provide, essentially, that and creating all these amazing plug-ins for everything anyone's ever heard of. So but what they're holding, they have no ability to decrypt. They never get the key. That never leaves your system. Now, they do need to know that it's you. That is, they need to know that it is you who are logging in. And so there needs to be an authentication process, so you identify yourself to them. But we don't want them to get the key. So what they do is, they take that key, the cryptographic key, and they add your password to it, that is, they concatenate your password to your cryptographic key, and they hash that. So they do another one-way function on your crypto key with your password, which they don't know because they never get it. But they get another blob. So this second blob, this second output from the hash, that's your unique ID. That is, the only way to get that is if you take your username and password, hash it, then add the password to that and hash it again. So it absolutely depends upon both of those pieces of information. So then your username and that goes to LastPass to identify you. And because that contains your password twice hashed into it, nobody who doesn't have your password, even if they have your email address, is able to produce that blob. So you have to have your email address and your password run through this hash twice to get that blob. But notice that your cryptographic key, which is sort of the first byproduct of that because that's the output from the first hash, that goes into the second hash but is lost in the hashing process, thanks to it being mixed with your password. So the LastPass people never get your crypto key. They get a different unique token that identifies you to them so that you're able to log on securely to their facility. And these guys are so paranoid that they don't even save that on their servers. They don't even save that special logon blob, the output from that second hashing process. Instead they, at the time you create your account, they come up with, they use a random number generator at their headquarters to create a unique 256-bit token which they save with your account. And whenever you're logging in, they take this 256 blob you're sending them that's the result of these two hashing processes. They add that to this unique 256k random number, and they hash that. And that's what they compare to what's stored with your account. Which is to say they never store that logon token. They store the result of hashing that logon token with a unique 256-bit value that they created for you. So they dynamically see if it's the same, but they never save your logon token. They just - they don't want it. They don't need it. So they're able to perform a dynamic check whenever you need to authenticate, but they don't keep it statically. So, I mean, this thing is secure every way you can imagine. And it's simple. The reason it appeals to me is that there's no hocus-pocus, there's no mumbo-jumbo, I mean, I can explain it to you and understand it, which means I believe it. Because there's no, oh, then a miracle happens, and just trust us. That's not necessary. The result of this 256-bit hash where they take your username and password and hash that to get the key for the encryption, that is used with the industrial-strength, maximum-strength, AES 256-bit cipher that we've talked about, which takes 128-bit blocks at a time and turns it into 128 bits of gibberish under the influence of the key.[/quote] Oh no, they got my hashed password. They got my blob of meaningless data that they can't do anything with. Big deal. Don't go panicking yet guys. The biggest danger here is that they got password hints, which could enable people to guess the master password.
I use LastPass to share company credentials with others where necessary. Looks like I'm going to have to change a good deal of passwords.
For everyone's information, the leak only suggests master passwords be changed. No account passwords were leaked. [quote]On an NVIDIA GTX Titan X, which is currently the fastest GPU for password cracking, an attacker would only be able to make fewer than 10 guesses per second for a single password hash. That is proper slow! Even weak passwords are fairly secure with that level of protection (unless you’re using an absurdly weak password.) And this doesn’t even account for the number of client-side iterations, which is user-configurable. The default is 5,000 iterations, so at a minimum we’re looking at 105,000 iterations. I actually have mine set to 65,000 iterations, so that’s a total of 165,000 iterations protecting my Diceware passphrase. So no, I’m definitely not sweating this breach. I don’t even feel compelled to change my master password.[/quote] Additionally, some of the infosec people I follow are agreeing with the above quote. However we know all the script kiddies of facepunch are going to jump into this thread exclaiming how smart they are since they don't store passwords online but [B]go on a website that doesn't even encrypt the password instead passing it in plain text.[/B] (You know, facepunch, that website.) Login's to facepunch can be intercepted by network admins, the NSA (and have been, undoubtedly due to [URL="https://en.wikipedia.org/wiki/Room_641A"]Room 641A[/URL].)
I'm still curious as to why anyone would use an online based password manager like I'm legitimately wondering, why would ANYONE use an ONLINE password manager?
I understand the power of cryptography but if they were silly enough to let this happen I don't really trust them in implementing crypto algorithms. That being said I wouldn't have trusted them anyway.
Oh, nevermind. From their blog: [quote]Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault.[/quote] Everything is fine. Just going to change my master password now.
[QUOTE=>>oubliette<<;47973058]I understand the power of cryptography but if they were silly enough to let this happen I don't really trust them in implementing crypto algorithms. That being said I wouldn't have trusted them anyway.[/QUOTE] They likely don't implement the crypto algorithms. In crypto there is a phrase: [URL="https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own"]don't roll your own crypto.[/URL]
just changed my master password, and upped my iterations to 7500
[QUOTE=Rocket;47973379]But it reduces the danger that: LastPass might hold my passwords hostage, for some reason. LastPass loses my data somehow. LastPass has a fatal security flaw that isn't known.[/QUOTE] Right, but I never disagreed with that. I just pointed out the avoidable flaws that still exist with your method.
So in short, changing my master password should be enough?
I keep my passwords on my google drive with 2 level auth, however it's in plain text. I've considered sticking them in an encrypted rar since it makes it easy to access on my phone. I should probably do a better job of it, I don't see how people can get into my account but I suppose if they stole my phone or something they could find it.
Fucksake, you can't use the same password for everything because one site's hack will make all of them vulnerable. Furthermore, you can't use a password composed of words because it will be guessed by a dictionary attack. Your only hope is to have a hundred "RS8XE2ha8sS" passwords you'll never remember, and store them on a password service which will of course then be hacked! Fuck hackers.
[QUOTE=Tone Float;47973460]Fucksake, you can't use the same password for everything because one site's hack will make all of them vulnerable. Furthermore, you can't use a password composed of words because it will be guessed by a dictionary attack. Your only hope is to have a hundred "RS8XE2ha8sS" passwords you'll never remember, and store them on a password service which will of course then be hacked! Fuck hackers.[/QUOTE] I'm a fan of diceware, myself. [url]http://world.std.com/~reinhold/diceware.html[/url] Insert obligatory "correcthorsebatterystaple" comic here.
It was a matter of time; they're probably one of the top targets for hackers.
[QUOTE=edberg;47973455]I keep my passwords on my google drive with 2 level auth, however it's in plain text. I've considered sticking them in an encrypted rar since it makes it easy to access on my phone. I should probably do a better job of it, I don't see how people can get into my account but I suppose if they stole my phone or something they could find it.[/QUOTE] Or Google had a hack, or a Google employee was looking through you files, or the file was transmitted over plain http...
[QUOTE=Tone Float;47973460]Fucksake, you can't use the same password for everything because one site's hack will make all of them vulnerable. Furthermore, you can't use a password composed of words because it will be guessed by a dictionary attack. Your only hope is to have a hundred "RS8XE2ha8sS" passwords you'll never remember, and store them on a password service which will of course then be hacked! Fuck hackers.[/QUOTE] I wish I could say the password "Password" was secure enough and you didn't have to worry about anyone trying to get in it'd be nice to just not worry about passwords but people just don't give a shit
If you have a strong password it'll continue being secure for the next several billion years it takes to crack. [editline]15th June 2015[/editline] [QUOTE=J!NX;47973030]I'm still curious as to why anyone would use an online based password manager like I'm legitimately wondering, why would ANYONE use an ONLINE password manager?[/QUOTE] Because it's harder to steal encrypted passwords from a physically secure webserver than it is to steal plaintext passwords from a sticky note under a desk
[QUOTE=Zeke129;47974194]If you have a strong password it'll continue being secure for the next several billion years it takes to crack. [editline]15th June 2015[/editline] Because it's harder to steal encrypted passwords from a physically secure webserver than it is to steal plaintext passwords from a sticky note under a desk[/QUOTE] My master password is a 25 character long password containing caps, lower case, numbers, and symbols.
Sorry, you need to Log In to post a reply to this thread.