And Merry Christmas, of course! Last week, just before New Year’s Eve, we learned that LastPass, a very popular password manager, had not only been hacked last August, but that the attackers had got their hands on the users’ vaults, where their data and passwords are stored. LastPass, however, tried to be reassuring.

Between omissions, half-truths and shameless lies

Since then, between turkey and dessert, security analysts have looked into LastPass’s statements and announcements and are becoming increasingly critical, suggesting in particular that the hacked company is trying to lead its users to believe they are safer than they really are. They also blame LastPass for inconsistencies and point out that its soothing communication is just the latest step in a long series of incidents.

Thus, in a long post on his blog, security expert Wladimir Palant asserts that LastPass’s statement “is full of omissions, half-truths and outright lies”. The security analyst begins by dismantling LastPass’s attempt to present the August 2022 attack and the data theft as two separate events, when in fact they are the same attack, the theft being just a “lateral movement”: a hacker finds an entry point and then moves through the target’s network to find information. This precision matters all the more to Wladimir Palant since, according to him, this data theft had already taken place when LastPass indicated in September that everything was fine. The password manager had simply not taken the measure of its problem.

Wladimir Palant also points out that LastPass acknowledges having stored the IP addresses of all or part of its users on its servers, which creates a genuine little weapon of mass destruction for hackers.

And the security expert goes even a little further: according to him, LastPass’s communication is a way of preparing the ground to later put the blame on the users themselves. The company indicates that if LastPass users have followed its recommendations, “it would take millions of years to guess the master password using available password-cracking technology”. Basically, if passwords end up being broken, it won’t be the fault of LastPass and its flawed encryption, but of its users. In short, Wladimir Palant obviously has a lot to reproach LastPass with. He is not the only one.

01net.com, with Dall-E.

“Shitty encryption”, “junk extensions”

On the infosec.exchange instance on Mastodon, Jeremi Gosney, a recognized expert in the field of password cracking, makes remarks similar to those of Wladimir Palant. “LastPass’s claim to have ‘no knowledge’ [of the risks incurred after the hack, editor’s note] is a shameless lie”, he explains in his first point, before delivering another well-placed blow: “LastPass uses crap encryption”. The expert then explains that the vault key does indeed use AES-256, but “it is derived from only 128 bits of entropy”, adding a little further on, “to put it simply, they have committed every crypto sin imaginable”.
Worse still, again according to Jeremi Gosney, these errors “are easy to identify (and fix!) by anyone who is vaguely familiar with cryptography. It is frankly incredible that a company which claims to operate in security and whose products rely on cryptography makes such mistakes”.

There follows a long list of problems and faults: “browser extensions fit for the trash”, “a habit of ignoring security researchers and vulnerability reports”, etc. In any case, it is clear that LastPass is not, and has not been, up to the task. Moreover, the expert indicates that after having recommended LastPass for a long time, he stopped doing so in 2017, before leaving the service in 2019. Too bad users did not know about it sooner… From now on, Jeremi Gosney recommends switching to Bitwarden or 1Password, as soon as possible.

For him, Bitwarden has a definite advantage: the solution is 100% open source, which allows experts in the cryptography community to audit the code to verify its correctness and security. His recommendation for 1Password rests on the fact that he knows who built its architecture and knows them to be “competent and very talented”. Better yet, they “are very involved in the password cracking community”, he explains. Finally, “their Secret Key feature ensures that if someone gets a copy of your vault, they simply can’t access it with just the master password, making it impenetrable”.

1Password comes out of the silence

And it is precisely on this point, in particular, that 1Password reacts. The LastPass competitor also broke its silence yesterday to denounce LastPass’s positions and statements. In a tweet linking to a long article signed by him, Jeffrey Goldberg, 1Password’s Principal Security Architect, writes: “I have never criticized a competitor by name before on the 1Password blog. This is an exception”.

In his article, he explains why LastPass’s claims are “extremely misleading” and why, even “if 1Password were to fall victim to a similar leak, the attacker would not be able to crack the combination of the account password and Secret Key, even if he put all the computers on Earth to work on it and made them run for millions of times the age of the universe”. Which is starting to be quite a long time, since the Universe would have blown out the candles on its 13.7 billionth birthday last week…

Bouncing off the assertion that it would take millions of years to crack LastPass users’ 12-character passwords, Jeffrey Goldberg explains that this would be the case only if the password had been generated completely at random. However, “passwords created by humans fall far short of this requirement. […] Unless your password was created by a good password generator, it is crackable”. Problem: nowhere in its documentation does LastPass advise using such a tool…

The security expert then goes on to explain why talking about “millions of years” in the case of LastPass rests on an “erroneous assumption about the speed at which a password can be guessed”. During a password-cracking competition, he recalls, the cost of such an attack was shown to be around six dollars for 2^32 attempts, and this for a password hashed with 100,000 rounds of PBKDF2-SHA256, roughly the best in use on the web. “Because of the way powers of two work, the cost of making 2^33 attempts would be 12 dollars, and the cost of making 2^34 attempts would be 24 dollars. Ten billion attempts would cost around $100”, Jeffrey Goldberg puts into perspective, before concluding: “Assuming the attacker starts with the most likely human-created passwords first, this $100 effort has a high chance of success unless the password was generated by a machine”.
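To make the arithmetic behind the “millions of years” versus “$100” dispute concrete, here is a small cost model, written for this article and not taken from Goldberg’s post, LastPass or 1Password. It starts from the single reference point quoted above (about $6 for 2^32 guesses at 100,000 PBKDF2-SHA256 rounds) and assumes, as a modelling simplification that the article does not state, that cost scales linearly with both the number of guesses and the iteration count. It then compares a few guess budgets with the size of the space a genuinely random 12-character password lives in.

```python
import math
import secrets
import string

# Reference point quoted in the article (Goldberg's figure): roughly $6 buys
# 2^32 guesses against a password hashed with 100,000 rounds of PBKDF2-SHA256.
REFERENCE_COST_USD = 6.0
REFERENCE_GUESSES = 2 ** 32
REFERENCE_ITERATIONS = 100_000

# Printable ASCII without space: 26 + 26 + 10 + 32 = 94 symbols.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def cracking_cost_usd(guesses: float, iterations: int = REFERENCE_ITERATIONS) -> float:
    """Extrapolate the dollar cost of `guesses` attempts from the reference point.

    Assumption (ours, not the article's): cost is linear in the number of guesses
    and in the PBKDF2 iteration count, since every guess must redo the full KDF.
    """
    return (REFERENCE_COST_USD
            * (guesses / REFERENCE_GUESSES)
            * (iterations / REFERENCE_ITERATIONS))


def cost_to_exhaust_bits(entropy_bits: float, iterations: int = REFERENCE_ITERATIONS) -> float:
    """Cost of trying every candidate in a space of 2**entropy_bits passwords."""
    return cracking_cost_usd(2.0 ** entropy_bits, iterations)


def generated_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 12, alphabet: str = DEFAULT_ALPHABET) -> str:
    """A password from the OS CSPRNG, i.e. the kind of generator Goldberg means."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for exp in (32, 33, 34):
        print(f"2^{exp} guesses at 100k rounds: ${cracking_cost_usd(2 ** exp):,.0f}")
    # Raising the KDF work factor raises the attacker's bill in the same proportion.
    print(f"2^32 guesses at 600k rounds: ${cracking_cost_usd(2 ** 32, 600_000):,.0f}")
    bits = generated_password_bits(12, len(DEFAULT_ALPHABET))
    print(f"random 12-char password: {bits:.1f} bits, "
          f"full search ~ ${cost_to_exhaust_bits(bits):,.0f}")
    print("example generated password:", generate_password())
```

The point the model makes visible is that the attacker’s budget, not wall-clock years, is the right unit: a few tens of dollars buys the first 2^33 or 2^34 candidates, which is where human-chosen passwords cluster, while exhausting the roughly 79-bit space of a random 12-character password costs on the order of 10^14 dollars under the same assumptions.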

For $100, most LastPass safes could be broken.
01net.com, with Dall-E.

Contrary to what LastPass says, your vault is therefore not so inviolable, especially since the investment, which need not exceed 100 dollars per account, could bring a hacker much more if he can then access your bank accounts and other information of value to a malicious actor.

1Password does not claim that your account password is unbreakable. Its security architecture, on the other hand, highlights the advantage of the platform: its Secret Key. A… key element, no pun intended, that 1Password itself does not know. To decrypt stored data (your personal information and passwords), “an attacker would then have to possess or guess your Secret Key”, which is not feasible given its high entropy (128 bits).
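The following example, added here and not taken from 1Password, LastPass or any of the experts quoted, shows the mechanism Gosney and Goldberg are describing: a second, device-generated 128-bit secret is mixed into the key derivation, so a stolen vault copy cannot be tested offline with the master password alone. It is an illustrative construction using only the Python standard library (PBKDF2-HMAC-SHA256 for stretching, HMAC for mixing in the secret and for a key-check value); 1Password’s real scheme (documented as Two-Secret Key Derivation) differs in its details. The weak password and the short guess list are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Same order of magnitude as the 100,000 rounds discussed in the article.
PBKDF2_ITERATIONS = 100_000
KEY_CHECK_LABEL = b"vault-key-check"


def new_secret_key() -> bytes:
    """128 bits from the OS CSPRNG, created on the user's device; the server never sees it."""
    return secrets.token_bytes(16)


def derive_unlock_key(password: str, salt: bytes, secret_key: Optional[bytes] = None) -> bytes:
    """Stretch the password, then (if present) bind the result to the Secret Key.

    With secret_key=None this is a password-only derivation, the situation the
    article describes for LastPass vaults. With a Secret Key, an attacker who knows
    the correct password still faces 2^128 possibilities for the unlock key.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    PBKDF2_ITERATIONS, dklen=32)
    if secret_key is None:
        return stretched
    return hmac.new(secret_key, stretched, hashlib.sha256).digest()


def make_vault(password: str, secret_key: Optional[bytes] = None) -> dict:
    """Return the data an attacker would obtain from a stolen vault: salt plus a key-check value."""
    salt = os.urandom(16)
    key = derive_unlock_key(password, salt, secret_key)
    # The key-check value lets a client verify a candidate key with no server help,
    # which is exactly what an offline attacker holding the vault copy would do.
    kcv = hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "kcv": kcv}


def can_unlock(vault: dict, password: str, secret_key: Optional[bytes] = None) -> bool:
    """True when password (and Secret Key, if the vault uses one) reproduce the key-check value."""
    key = derive_unlock_key(password, vault["salt"], secret_key)
    candidate = hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, vault["kcv"])


def offline_dictionary_check(vault: dict, guesses: list[str]) -> Optional[str]:
    """What an attacker with only the vault copy can do: test each guess offline.

    Returns the guess that opens the vault, or None. Against a Secret Key vault the
    attacker does not hold the key, so every guess, including the right one, fails.
    """
    for guess in guesses:
        if can_unlock(vault, guess):
            return guess
    return None


if __name__ == "__main__":
    weak_password = "Summer2022!"                       # constructed human-style password
    guesses = ["password", "123456", "Summer2022!", "letmein"]  # constructed guess list
    password_only_vault = make_vault(weak_password)
    secret_key = new_secret_key()
    secret_key_vault = make_vault(weak_password, secret_key)
    print("password-only vault opened by guess:", offline_dictionary_check(password_only_vault, guesses))
    print("Secret Key vault opened by guess:   ", offline_dictionary_check(secret_key_vault, guesses))
    print("legitimate unlock with both secrets:", can_unlock(secret_key_vault, weak_password, secret_key))
```

The defensive lesson is in the last two calls: the same weak password falls to a four-entry guess list when it is the only secret, but the vault that also depends on a 128-bit Secret Key gives the offline attacker nothing to verify against, while the legitimate user, who holds both, still unlocks it. Note also that the Secret Key adds its 128 bits to the search space only if it never reaches the server, which is why it must be generated and kept client-side.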

Finally, Jeffrey Goldberg ends his long post with a lucid and ambitious statement: “We haven’t been hacked, and we don’t plan to be. But we understand that we have to act as if we are going to be. We also understand that many 1Password users will not follow our advice to use randomly generated account passwords. This can be hard advice to follow”, he acknowledges. “As a result, we have a responsibility to find ways to protect 1Password users in the event of a hack that exposes their encrypted data”.
Obviously LastPass had not taken the measure of the stakes… nor of its responsibility.

Source: The Verge
