![]() Despite the rigor of the LastPass hashing regimen, the job of cracking a single hash belonging to a specific, targeted individual would be considerably less difficult and potentially within the ability of determined attackers, especially if the underlying password is weak. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."īy contrast, many sites have used extremely fast hashing algorithms that provide minimal protection. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. "We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. That's because the master passwords that unlock those vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to work. It emphasized that there was no evidence the attackers were able to open cryptographically locked user vaults where plain-text passwords are stored. Further Reading Why LivingSocial’s 50-million password breach is graver than you may thinkIn all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |