Admittedly, it wasn’t LastPass’ finest day. This week they found themselves in the news in the wake of what appears to have been a breach of their systems which exposed hashed master passwords. Any breach of any company (let alone one that provides a security service) is never a good look and indeed they’ve had a pretty hard time of it in the press. But we also need to be a bit balanced here.
LastPass and other good password managers operate on the premise that you put all your eggs (or passwords, as it may be) in the one basket and then you secure that basket very, very carefully. The passwords exist in a strongly encrypted keychain which is unlockable when the appropriate “master password” is provided. LastPass has some pretty serious protection around the master password and this is where the story gets interesting.
Per their blog post in the link above, they’re hashing the master password 5,000 times on the client before sending it to the server at login (or password change), where they then hash it another 100,000 times. What all this means is workload – lots of workload. Because a hash cannot be reversed, an attacker holding the hashed master password can only keep computing hashes from candidate plain text strings until one matches. The higher the hashing workload, the harder this becomes for the attacker.
But here’s the point of all this – good password managers like LastPass are specifically designed to be resilient to this class of attack. This is why they invest so heavily in creating slow hashing algorithms that would stunt an attacker’s attempts to crack the password to the point where the effort to do so becomes infeasible. In a quote given to Ars Technica earlier this week, Jeremi Gosney, who is a very well recognised expert when it comes to password security (he builds serious equipment for law enforcement and the like to crack them), said that LastPass’ approach to hashing meant he probably wouldn’t even bother changing his master password. At “only” 10,000 computations a second (that sounds fast, but most password hashes can be computed billions of times per second), anything short of a ridiculously weak password is going to be highly resilient to these attacks.
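To make the two-stage stretching and the resulting guess rate concrete, here is an added example (my own illustration, not LastPass’ code) that models the 5,000 client-side rounds, the 100,000 server-side rounds, and the work-factor arithmetic behind the 10,000 guesses per second figure. It assumes PBKDF2-HMAC-SHA256 as the iterated hash, the account e-mail as the client-side salt and a per-user server salt, none of which the post states.

```python
import hashlib
import hmac

# Iteration counts as stated in the post; the hash construction itself is assumed.
CLIENT_ROUNDS = 5_000     # run on the client before the value leaves the browser
SERVER_ROUNDS = 100_000   # run again on the server before storage / comparison
CRACK_RATE = 10_000       # guesses per second quoted by Gosney for this scheme


def client_hash(master_password: str, email: str, rounds: int = CLIENT_ROUNDS) -> bytes:
    """Client-side stretching (assumed PBKDF2-HMAC-SHA256 with the e-mail as salt)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               email.lower().encode("utf-8"), rounds)


def server_hash(client_value: bytes, server_salt: bytes, rounds: int = SERVER_ROUNDS) -> bytes:
    """Server-side stretching of the value the client submitted; this is what is stored."""
    return hashlib.pbkdf2_hmac("sha256", client_value, server_salt, rounds)


def enrol(master_password: str, email: str, server_salt: bytes) -> bytes:
    """What the server records at signup or at a master password change."""
    return server_hash(client_hash(master_password, email), server_salt)


def verify(candidate: str, email: str, server_salt: bytes, stored: bytes) -> bool:
    """Login check: recompute both stages and compare in constant time."""
    return hmac.compare_digest(enrol(candidate, email, server_salt), stored)


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float = CRACK_RATE) -> float:
    """Worst-case time to try every password of a given length at `rate` guesses/s.
    Every guess costs CLIENT_ROUNDS + SERVER_ROUNDS PBKDF2 iterations, which is why
    the rate is thousands per second rather than billions."""
    return alphabet_size ** length / rate


if __name__ == "__main__":
    # Constructed sample account; the server salt would be random per user in practice.
    email, salt = "user@example.com", b"constructed-per-user-salt"
    stored = enrol("correct horse battery staple", email, salt)
    print(verify("correct horse battery staple", email, salt, stored))  # True
    print(verify("password123", email, salt, stored))                   # False
    # Eight lowercase letters at 10k guesses/s: about 20.9 million seconds worst case
    print(seconds_to_exhaust(26, 8))
```

Raising either round count raises the cost of every guess linearly, which is the lever the post is describing.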
Naturally, in the wake of an event like this there are those questioning the sanity of password managers. What they need to keep in mind though is that the real-world risk posed to the passwords protected by LastPass is very close to zero. Certainly when you consider the risks posed by the alternative – namely committing weak or reused passwords to memory – the value proposition of securely storing all your passwords in a dedicated password manager remains solid. I’m personally a fan of 1Password (primarily because they don’t store or control the keychain the passwords are encrypted into), but I’d have absolutely no hesitation whatsoever in recommending either to anyone. Just make sure that master password is strong, of course.