Password Security Catch-All Thread [2015-06-16: Update your LastPass master password]

Let's say I use lastpass. Do I have to worry about their website being hacked and compromising all of my passwords?

Greg wrote:

Let's say I use lastpass. Do I have to worry about their website being hacked and compromising all of my passwords?

Short answer: no.

Longer, more accurate answer: LastPass cannot see your passwords. All they "see" is an encrypted blob of a file, of which they do not possess the key to unlock.

All decryption of your password vault happens locally on your computer. Even when you access something through the LastPass website, what is happening is that bits of a JavaScript app are being pushed to your browser, and that app runs and does the vault decryption and fills in the form values.

It is in the realm of possibility that, if someone broke into LastPass and stole your password vault, they could conceivably break in, just as all encryption is conceivably defeatable. However, provided you don't use a weak password that makes brute-forcing easy, it is not particularly feasible.

For most users, what it comes down to is trading a bunch of risky behaviors (sloppy password security) for a tiny, very remote risk (someone managing to both steal your vault from LastPass, and managing to decrypt it quickly enough to matter - ie. before both you and they are dead and long past caring).

EU League of Legends players should change their passwords.

Quite the week for bad password security.

jakeleg wrote:

EU League of Legends players should change their passwords.

Quite the week for bad password security.

Yeah, I have a LastPass account I've never used because I do most of my browsing on my phone and I haven't got around to dropping the bones on the Premium version.

Until now.

Quintin_Stone wrote:

So it can be the name of a famous redhead?

Quintin's password: 1ll831nmy8unk

Thanks for information, Legion.

Just wanted to chime in and say thanks to Legion and others for the great info. I'll be using lastpass by the end of the day.

I setup LastPass and it was super easy and actually adds convenience to my life.

Scaphism wrote:

Just wanted to chime in and say thanks to Legion and others for the great info. I'll be using lastpass by the end of the day.

SixteenBlue wrote:

I setup LastPass and it was super easy and actually adds convenience to my life.

And now pony up the $1 a month for the mobile version (if you have it). Makes using my iPhone so much easier for my banking apps.

In case any cares to see how lax gamers are about their passwords, go check out the daily poll at gamefaqs. Basically barely anybody uses a password manager.

I currently use Keepass. My only concern with lastpass would be outages. Keepass on a dropbox will still be available if dropbox is down.

Do any of you Lastpass users do local backups? I see it has an encrypted export option, but I can't find a corresponding encrypted import one. Just plaintext CSV imports.

EDIT: Simple google says
3. One final option is to export to a 'LastPass Encrypted File'. You can then import this data into LastPass Pocket to view your data. This file can be saved locally or on a USB Drive with the Pocket executable

taer wrote:

I currently use Keepass. My only concern with lastpass would be outages. Keepass on a dropbox will still be available if dropbox is down.

Do any of you Lastpass users do local backups? I see it has an encrypted export option, but I can't find a corresponding encrypted import one. Just plaintext CSV imports.

EDIT: Simple google says
3. One final option is to export to a 'LastPass Encrypted File'. You can then import this data into LastPass Pocket to view your data. This file can be saved locally or on a USB Drive with the Pocket executable

:)

Good point, I need to set that up.

Excellent password security article
https://krebsonsecurity.com/2012/06/...

Includes some cool insight into why salting is the "wrong" solution for password hashes that I was not previously aware of.

Yeah, except he's full of sh*t about that.

That's a fairly useless comment, Hypatian, unless you want to tell us how and why he's wrong.

Note: re-reading over things again, it's clear to me that he never says "salts are unneeded", he only says "salts are insufficient". It's just not stated very clearly. I'll include my explanation below anyway.

Uh. Okay. He's wrong because salting is the most reasonable way to prevent known-plaintext attacks.

In the case of passwords, this would certainly include any time two people have the same password. Including a salt guarantees that even when two people share the same password, this is not immediately evident. It also means you can't pre-compute and re-use the same table to check against hashes over and over again.

His suggestion of using more expensive hashes for security purposes doesn't get around that. If you compute one time that the hash for "sexytime69" is "XXXX", it doesn't matter that it takes 1000 times as long to compute that hash—because you do it once, and then you never have to do it again. If you include a salt, you have to do that 1000x work for every individual hash you attempt to crack.

So even if you're using an expensive hash intended for password use, as he suggests, you should still absolutely use a salt.

Non-hash crypto algorithms also typically use something like salts—they're often called "nonces". And again, they're used to prevent known-plaintext attacks. You include a random value early (preferably first) in the data stream to ensure that even if you send the same information (or predictable information) more than once, it will be encoded differently each time it's sent.

His overall suggestion of using a much more expensive to compute hash is not unreasonable, aside from the suggestion that you don't need to salt it. Many many transactions with the server happen very quickly—but those, you want to authenticated with a limited lifetime session key. Because of that, expense of password checking is pretty small.

--

Disclaimer: Of course, all of this depends very much on how the entire system works. One of the more well-thought-out single-sign-on authentication systems around is Kerberos, and it [em]must[/em] store all passwords in plaintext. Real secure kerberos master servers are generally kept in safes, require a human to manually enter a password to decrypt the password database at boot-up time, and never ever send the password either out or in except when changing passwords. Instead, the server uses the stored password to encrypt a challenge. The challenge is sent to the client machine, which uses the password the user typed to decrypt the challenge, make a change to it, re-encrypt it, and send it back.

So in the case of kerberos, the system is quite secure even though the passwords are stored in plain-text, the entire system is more secure because the passwords never have to be sent across a wire, except when the password is first set (and that transaction is of course encrypted end-to-end.)

I know I joked about it earlier, but Malor's post has genuinely made me thirsty.

Yeah, as I was saying over on Metafilter, using salt keeps the bad guys from cooperating against you. Without salt, a given cracking effort is per-world, so if anyone cracks a password, worldwide, it can be contributed to a worldwide password lookup. If an unsalted site is cracked, many of its easy passwords will be immediately known.

With a site salt, where all passwords are encrypted using the same value, then all cracking efforts are per-site. If someone gets 'sexytime69' for Alice on Site A, he also gets it for Bob. But he doesn't get it for Charlie over on Site B, which uses a different salt. Per-user salts are even better; they mean that password cracking is per-user, so getting Alice's password doesn't give Bob's.

Basically, all cracking efforts are per-salt, so the more finely you scatter the grains, the harder the bad guys have to work.

But GPU cracking is so incredibly fast that, even using user salts, a cracker can check ALL seven-character passwords within about seven hours for a given user, on fairly mundane hardware, so chances are pretty good he's going to find someone with a bad password within a few weeks at most. And if he builds a dedicated password cracking box, with four 5890s, he can completely check the space of all seven-character passwords for each user in under an hour. That's not cheap, but it's not ridiculously expensive, either. And it brings a full, eight-character password crack to under a week per salt value.

So, what the author is saying is that salt is not enough. We also should be using algorithms for password hashing that take a ton of CPU power, so that even the quad-5890 box will take weeks to check all the possible seven-character passwords for a user, instead of an hour.

But, as you say, even at that, if you don't use salt, then the entire world can gang up on you. Salt is required either way, but it's not enough on its own.

The credit report stuff gives me the heebie-jeebies. I think a company knowing both who you are to that degree, and also storing your very most sensitive data under a black-box encryption method, is a BAD IDEA.

If you're going to store critical data online, encrypted or no, I suspect it would probably be a good idea to make it as difficult to link with your real identity as you possibly can. The people that know who you are should, ideally, not know anything else important about you, and the people who know important stuff about you shouldn't know who you are.

Yeah, even if it was available here I wouldn't use it, it seems like such a random feature to add though. What would be the logic?

Make money.

Malor wrote:

The credit report stuff gives me the heebie-jeebies. I think a company knowing both who you are to that degree, and also storing your very most sensitive data under a black-box encryption method, is a BAD IDEA.

I don't think I would use it either, but at the same time, I think responses like this grossly overestimate the dramatic yet remote threat and underestimate the common, everyday one.

For the average person, credit getting wrecked from identity theft is much much much more likely than LastPass maliciously using data that they don't even have access to (without pushing a malicious update to their client).

Frankly, if I'm going to use a credit monitoring service, there's a definite appeal to using one where my information is stored in my encrypted vault and the activity is entirely performed by my client-side JS, versus one where my information is stored on a typical web service's server.

This morning I received the following email from my company's IT department:

Earlier today Yahoo! acknowledged that a large number of usernames and passwords had been stolen and posted on the internet. Login information for other internet services including Gmail, AOL, Hotmail, MSN and Live.com may have been compromised as well. More information can be found here: http://www.mercurynews.com/business/...

According to the story, about 400,000 passwords were stolen, including passwords to Gmail, Hotmail, and AOL accounts.

Chairman_Mao wrote:

This morning I received the following email from my company's IT department:

Earlier today Yahoo! acknowledged that a large number of usernames and passwords had been stolen and posted on the internet. Login information for other internet services including Gmail, AOL, Hotmail, MSN and Live.com may have been compromised as well. More information can be found here: http://www.mercurynews.com/business/...

According to the story, about 400,000 passwords were stolen, including passwords to Gmail, Hotmail, and AOL accounts.

Technically 400,000 passwords were released by the hackers to prove that they had hacked yahoo, it's not actually known now how many passwords they have. Also worth noting that these password were stored in the clear!

The thing I read suggests that these passwds came from Yahoo Voice (http://blog.eset.se/statistics-about...) but I'm not sure if that's been confirmed. I changed my yahoo password anyway.

Actually I don't have a yahoo account but I use an affiliate site (mail.com) which makes absolutely no declaration anywhere on the site that it uses yahoo's password services, I only discovered that mail.com was a yahoo service accidentally through a complete circuitous route. So there's an interesting vulnerability; using a service online that doesn't declare that it's part of some other organisation which gets hacked

I wonder where I can find this list of compromised passwords. My Yahoo account is ancient and I can't recover it. :p

General Crespin wrote:

I wonder where I can find this list of compromised passwords. My Yahoo account is ancient and I can't recover it. :p

This reddit post has a magnet link for downloading the list via Bittorrent.

I have a yahoo account only because of my Flickr account. Password changed, of course.

Great article on Ars on password security and how it has evolved in the last years. I would love to hear the opinions of more edumacated Goodjers.