To further increase the security of your master password, LastPass utilizes a stronger-than-typical implementation of 100,100 iterations of the Password-Based Key Derivation Function (PBKDF2), a password-strengthening algorithm that makes it difficult to guess your master password. You can check the current number of PBKDF2 iterations for your LastPass account here.
I just checked my account and it says 5000 not 100,100 -- there's no way I would go in and change that setting, so this is pretty disingenuous. They must have changed defaults at some point
I do think the default a long time ago used to be very low. I know I went in at account creation and set it to something way higher than it's default at the time.
Looking now though, it says 100100 for me. But i also know i changed my master password at some point, so maybe i got reset to the current default.
According to [1], there were 5,000 client-side rounds of SHA256 in key derivation in June 2015.
It does sound like a missed opportunity to have an at-login upgrade mechanism to upgrade KDF rounds that can be carried out seamlessly or near-seamlessly during the login process. Or at least actively nudging users to change password and thus raise their KDF rounds that way through the default.
One would think that the UI where one routinely enters their master password could silently double as a start using the new default UI, as the change-password UI seemingly does.
If it’s a tradeoff between login speed and security, it seems reasonable to allow users to chose where they want to land between the two, at least within reasonable parameters.
That’s an engineering decision but it shouldn’t be directly exposed in the UI because people don’t understand the trade offs or update it as hardware improves. It’d be better as a time-based setting which changes periodically as attack capacity increases, and perhaps a UI toggle like “faster on ancient hardware, less secure” and “more secure”. You could even automatically improve that over time (“you haven’t used a slow device in 6 months. Want to update to our recommended secure level?”).
Decryption is done on user device so default iteration is set not to be too slow on slower devices. If your all devices are fast enough, It's good to configure it.
It's fine that you want extremely secure iteration counts like 99999999999999999999, but you should wait 9999 seconds to unlock. Every product should have just right default value. LastPass default iteration value was maybe fine in 2008 but computer power is improving.
From what I understand, yes. PBKDF2 is the algorithm that goes from password->key. This key is then used to encrypt the vault. Guessing the key itself is impossibly difficult. Attackers will instead try to guess the password, run their guess through several thousand rounds of PBKDF2, and attempt to use those keys to decrypt the vault.
The algorithm is designed to be run in iterations to be tunable. more rounds takes a lot longer. this makes for both a slower login, but also slower brute-force attempts for the attacker. The attacker can likely still generate guesses in parallel, but each individual password guess will take considerably longer against more iterations.
Lastpass changed the old default for a good reason. I'm surprised they didn't update all accounts to at least the new default.
It means the master password can be brute-forced about 20 times faster, so about effectively a loss of about 5 bits of security, compared to an account where the number of iterations is actually 100K.
I have an older account, it was 500 when I went to check. I'm livid that LP didn't do a reup on the encryption when they moved to 100k cycles. They've basically hosed every customer that's been with them for a while.
mine was set to 500 (not 5000) as well. I'd moved on from lastpass earlier this year but didn't delete my account... though I suppose in that case I'd wonder if I'd deleted in time, or if they really deleted all my info.
Also frustrating that they decided to drop this update on December 22.
with URLs and last-accessed times being plaintext? I suppose "items in your vault" is doing a lot of work there if they don't count urls as "in" the vault.
I just checked my account and it says 5000 not 100,100 -- there's no way I would go in and change that setting, so this is pretty disingenuous. They must have changed defaults at some point