Olivoil

Is your LastPass data really safe in the encrypted online vault?


Wladimir Palant, the well-known creator of AdBlock Plus, has published a blog post which should be very concerning for every LastPass user.
 

TL;DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

LastPass has published a post which shows that they have fixed at least some of the flaws detected by Wladimir.

Nevertheless, Wladimir's conclusion is:

As this high-level overview demonstrates: if the LastPass server is compromised, you cannot expect your data to stay safe. While in theory you shouldn’t have to worry about the integrity of the LastPass server, in practice I found a number of architectural flaws that allow a compromised server to gain access to your data. Some of these flaws have been fixed but more exist. One of the more obvious flaws is the Account Settings dialog that belongs to the lastpass.com website even if you are using the extension. That’s something to keep in mind whenever that dialog asks you for your master password: there is no way to know that your master password won’t be sent to the server without applying PBKDF2 protection to it first. In the end, the LastPass extension depends on the server in many non-obvious ways, too many for it to stay secure in case of a server compromise.

I'm happy that I switched to KeePass a long time ago.

 


Your data is safe if you choose the right platform to keep it on, too. To keep the documents safe you should be willing to invest a little and consult the options on the market. If you ask me, I can suggest Future Vault. They help people everywhere build more trust with their clients and members by delivering important documents and information. I don't disagree that there might be people with some bad or unpleasant experience. There are a lot of things to be considered, such as passwords, the devices from which you connect, etc.

 
