It is set at 100100 in settings.According to the article linked below, it says it should be at least 310,000. Why should we not set it to 1 million? What are the adverse effects of increasing it?
I realize this is only for customers who decide to remain here in the future.
Thanks.
https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/
They iterate to derive an encryption key and a hash from the master password. Since this is done on the client side (because only the client knows the master password), the slower your device, the worse response time you are going to get when iterations are required. This is why they pick the non-recommended number.
A recommendation I heard was to increase incrementally by 50,000 and test all our devices to see if the performance is still acceptable.
@Logmeein I increased my PBKDF2to 350,000.
I have an I9-10980 CPU w/ 32GB. It took about 15 seconds longer than the hash did with 100100.
Seems worth it to me.
Thanks, that makes sense. I can't imagine that with all the power my PC has and all the power that the new phones have, that a few extra milliseconds would be an issue every time a password is hashed.
Everyone on this forum should confirm that they increased their PBKDF2 to at least 350,000.
-
It seems like it doubles the hashing on their side as well:
Login Hash Storage
https://support.lastpass.com/download/lastpass-technical-whitepaper
Longer-term customers have a default setting of 5000 forPBKDF2. While this obviously needs to be changed now to 100100, I have a question:
Assuming we had a good master password (12+ characters, mix of letters/numbers/symbols, no dictionary words) how much has this lower setting compromised password security against brute-force attacks (which can now be expected) in contrast to your current recommendation of 100100?
Also, when there was a change in the default setting, why were customers not notified to update theirPBKDF2 settings?
@DrBeezy
I am not a Lastpass employee and I don't have inside information.
With PBKDF2, your device has to compute a function in series for the specified number of times (5K, 100K) to get a key (from your master password) to decrypt your vault. It figures that with the same password, brute-forcing a vault with 5K iteration will be 20 times faster than 100K iteration.
If you have a 12-random-character password, how long does it take to brute-force it? Who knows? Different password managers (including Bitwarden, Nordpass) are now using the strength estimator called zxcvbn (more info at zxcvbn: realistic password strength estimation - Dropbox) which estimates that an average home computer can guess 10K passwords/second. A random 12-random-character password would take 3 years straight to brute-force. I heard that with the current GPU, this goes up to 80K/seconds, so a dedicated current GPU may crack it in 4.5 months.
The 10K estimate is for a slow hash function (including PBKDF2) "with moderate workload". The author doesn't immediately specify what a moderate workload is for PBKDF2, so your guess is as good as mine.
Your password is probably classified as random if it's not a common password, isn't in a dictionary, and isn't a commonly used pattern. You can try Bitwarden tool out at https://bitwarden.com/password-strength/ But here's a list (with random characters):
I would also keep in mind that these figures are for brute-forcing. The hackers probably don't try this first on random accounts. You probably have to be notable in some way before someone (with resources) decide to dedicate a computer/GPU to your account. The easier ways to attack may be phishing, leaked password reuse, common password attack, dictionary password attack, etc.
Can you comment on where/when you are seeing the "15 seconds longer" with 350,000? That is, is it once at initial login or is it each time you try to fill/copy a password?
I'm curious where LastPass is decrypting your fields that are actually encrypted in their vault/database. That will help make decisions for iterations given things like phones need to also decrypt.
