Wait a minute... LastPass stores BOTH your encrypted password vault AND the master password to unlock it!? That's about as secure as locking your front door, then keeping a spare key under the mat.*
That's ridiculous. The vault is encrypted. Either your master key is correct for decrypting it, in which case you're in, or it's not, in which case you're not. I see NO REASON for them to ever store your master password AT ALL.
Ok, I'm not a cryptography expert. Is there something I'm missing here?
(* Yes, I realize this is an exaggeration since the password is not stored in plaintext, but the principle still applies. It may be a key in a lockbox under the mat, but the key shouldn't be under the mat at all.)
UPDATE: As noted in 's response below, I was failing to note that LastPass isn't actually storing the master password at all; they're storing a cryptographic hash that lets them test if you've supplied the correct password without having to decrypt your entire vault first. Given this point, my analogy above doesn't really apply at all.
#lastpass #tech #security #passwords
The authentication hash is done by re-encrypting the same 32 bytes about 100,000 times over, so it is not quick to test a lot of guesses in a row.
If the vault is encrypted directly with the master password, and has values near the beginning that can be used to tell if you decrypted it right (for example, file header, or looking for text that looks like a username or email address), then it could actually be quicker to try and decrypt the vault.
On the other hand, the vault might not be encrypted directly with the master password. There are tricky things you can do like have a random sequence called a "salt" at the beginning of the vault, and then the rest of the vault could be encrypted with the result of encrypting that random sequence with the master password 100,000 times. If it works like that, then testing against the hash is probably slightly faster than testing against the vault.
Using extra rounds of encryption to transform the initial key is a pretty standard technique to harden against fast CPUs - my KeePass database that I just set up recently does 1.5 million rounds of AES on the master key, enough to make it take 1/10 second on my new work laptop. The idea being, since I know my password, it only adds 1/10 second delay to opening it, but it makes every guess an attacker makes slower, which makes a huge difference when it is a huge number of guesses. All I have to do in a couple years when CPUs get faster is go in and adjust the number of rounds it does. It even has a handy button to calculate how many rounds take 1 second.
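The stretching scheme discussed in this thread, as an added example that is not part of the original posts and is not LastPass's or KeePass's own code. It assumes PBKDF2-HMAC-SHA256 as a stand-in for the repeated-encryption rounds described above, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # round count quoted in the comment above


def derive_vault_key(master_password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Slow step: stretch the master password into a 32-byte vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, rounds)


def auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Verifier a server could store; one more one-way step, so it is not the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def enroll(master_password: str, rounds: int = ROUNDS) -> dict:
    """Server-side record: salt, round count, verifier. No password and no vault key."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, rounds)
    return {"salt": salt, "rounds": rounds, "verifier": auth_hash(key, master_password)}


def check_guess(record: dict, guess: str) -> bool:
    """Every guess pays the full stretching cost before it can be compared."""
    key = derive_vault_key(guess, record["salt"], record["rounds"])
    return hmac.compare_digest(auth_hash(key, guess), record["verifier"])


def calibrate_rounds(target_seconds: float, probe: int = 20_000) -> int:
    """Estimate the rounds needed for one derivation to take target_seconds here."""
    start = time.perf_counter()
    derive_vault_key("probe", b"\x00" * 16, probe)
    elapsed = time.perf_counter() - start
    return max(probe, int(probe * target_seconds / elapsed))


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample password
    print(check_guess(rec, "correct horse battery staple"), check_guess(rec, "hunter2"))
    print("rounds for ~0.1 s on this machine:", calibrate_rounds(0.1))
```

Because the stored verifier is one further one-way step past the vault key, a copy of the record does not decrypt the vault by itself; an attacker still has to run the full stretching once per password guess.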