Re: [PLUG] Lastpass - friend of foe

Tim Allen on 8 Jan 2017 07:39:32 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Lastpass - friend of foe

From: Tim Allen <tim@peregrinesalon.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Lastpass - friend of foe
Date: Sun, 8 Jan 2017 10:39:25 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peregrinesalon-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=HyutSDkKEhJXmTGSUztoY5cIJpML+V729Eenc7v++YU=; b=E6FZSaPnolTWS7vgGi/IHXV9IPnXFcr8YRwcN4ZBUAspQ7XGfZptM/tkQTJ8Aj0ViD F4F73ykifhi8ztovw53gtzxTg4zBIoMuFjJ2s5bLbKUJOQ4WNrVqGw5O0vZKXvBgLUAs ScfrGnMYtw2XEuKYl+9pyuIiFPCYjteEqZMm650hFqzF/8dc+8hfcSTSkhGKNwUA8TIJ c7rtGPQ2OgRlM7b2vHGgV5kdMDHWTbL9otgkDt8XXPBXJcVaWCwZBWB7sNyX82MmdYmR LTJQYC/XX6DvN62nvqlPXKrg52bMalCrD/3XqcDkeNKuzIy72BkR+XnjEn8lYoMSNLJU Cr8g==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

That's pretty interesting. I contribute to the Django web framework, and we also use PBKDF2. Another thing that Django does is increase the number of iterations by 20% each release (about every six months to keep the hashing "slower" as processor speeds increase. I'm glad to see LastPass is doing something similar.

+1 for 2-factor, of course!

Regards,

Tim

On Sun, Jan 8, 2017 at 2:18 AM, Paul Walker <pjwalker76@gmail.com> wrote:

So... on the intersection of lastpass and password hashsaltfu:

LastPass has opted to use SHA-256, a slower hashing algorithm that provides more protection against brute-force attacks. LastPass utilizes the PBKDF2 function implemented with SHA-256 to turn your master password into your encryption key. LastPass performs x number of rounds of the function to create the encryption key, before a single additional round of PBKDF2 is done to create your login hash.

https://helpdesk.lastpass.com/account-settings/general/password-iterations-pbkdf2/

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] XKCD: Team Chat
  - From: Greg Helledy <gregsonh@gra-inc.com>
- Re: [PLUG] XKCD: Team Chat
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] XKCD: Team Chat
  - From: Andrew Libby <andrew.libby@gmail.com>
- [PLUG] Lastpass - friend of foe
  - From: Timothy Marion <timothy.marion@marion.systems>
- Re: [PLUG] Lastpass - friend of foe
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Lastpass - friend of foe
  - From: Christopher Barry <christopher.r.barry@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Lastpass - friend of foe
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Tim Allen <tim@peregrinesalon.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Paul Walker <pjwalker76@gmail.com>

Prev by Date: Re: [PLUG] Lastpass - friend of foe
Next by Date: Re: [PLUG] Lastpass - friend of foe
Previous by thread: Re: [PLUG] Lastpass - friend of foe
Next by thread: Re: [PLUG] Lastpass - friend of foe
Index(es):
- Date
- Thread