Tim Allen on 8 Jan 2017 07:39:32 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Lastpass - friend of foe

That's pretty interesting. I contribute to the Django web framework, and we also use PBKDF2. Another thing that Django does is increase the number of iterations by 20% each release (about every six months to keep the hashing "slower" as processor speeds increase. I'm glad to see LastPass is doing something similar.

+1 for 2-factor, of course!



On Sun, Jan 8, 2017 at 2:18 AM, Paul Walker <pjwalker76@gmail.com> wrote:
So... on the intersection of lastpass and password hashsaltfu:

LastPass has opted to use SHA-256, a slower hashing algorithm that provides more protection against brute-force attacks. LastPass utilizes the PBKDF2 function implemented with SHA-256 to turn your master password into your encryption key. LastPass performs x number of rounds of the function to create the encryption key, before a single additional round of PBKDF2 is done to create your login hash.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug