
Even the LastPass Will Be Stolen - nallerooth
http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/
======
ultramancool
I'm a LastPass user and everything here was pretty much as I expected with one
exception - the unencrypted metadata in the vault. That's extremely
disappointing. The ECB stuff isn't really used any longer, the OTPs are kind
of hacked on, no surprise there. I was willing to tolerate that stuff for an
overall decent solution.

But now realizing that they're handling URLs in this way... I just can't use
it anymore or recommend it in good faith.

So what do I do?

\- KeePass looks nice, has multiplatform support and browser extensions but
the cryptography in it is sketchy, custom KDF and stuff going on... mobile
support might also not be so great though I'm not positive.

\- PasswordSafe has better looking cryptography, though still not up to where
I'd like it to be as well as a worse UI, worse browser support, etc. And last
I checked I think Linux support was sketchy.

\- There are an infinite number of questionable proprietary solutions that
have similar problems to LastPass, usually far worse actually...

\- and a few open source solutions that look good but completely lack in the
UI and integration departments.

So I'm about to take KeePass, gut the crypto, replace it with simple scrypt
and AES-OCB or chacha20-poly1305 and hope I can wind up with something I'm
comfortable using - anyone have a better suggestion?

~~~
emodendroket
Take Schneier's advice and write down your passwords:
[https://www.schneier.com/blog/archives/2005/06/write_down_yo...](https://www.schneier.com/blog/archives/2005/06/write_down_your.html)

I suppose this is a problem if someone breaks into your home and gets into
wherever you keep your notebook and steals it but frankly that's hardly the
only problem you have in that scenario.

~~~
m0nty
> We're all good at securing small pieces of paper.

Not true, as it turns out. I created passwords for my users and put them on a
laminated card as a courtesy, with instructions to keep it in their wallet,
purse, etc. They were turning up stuck to keyboards, shelves next to desks,
etc. Some people are really crap at securing small pieces of paper.

~~~
emodendroket
I'll bet you if it were the details to their own bank account they wouldn't do
that! It's a problem of how much people care, really (or how much they think
the organization cares).

~~~
m0nty
I think Schneier's (and my) mistake was assuming people know to value their
passwords. It's getting bad when the Head of IT, however, is one of those
sticking the password to his desk :(

------
oneJob
With the recent security issues surrounding LastPass, it makes me wonder, is
the bar set too low even for professional products? Does LastPass not do this
testing on their own? Does LastPass not reach out to the security community
and contract to have this testing done, proactively? I mean, these folks
pulled this off in their 10% time...

~~~
tajen
I don't know, how much is the security bug bounty on LastPass? $1000 according
to Bugcrowd [1]. But what would be the right value?

That's the only way we ensure it's economically more viable for hackers to
resell their security leaks to LastPass than to pirates. An economic approach
would claim that the total available bug bounty scheme must be worth the same
as the potential stolen value of the contents, otherwise it's still valuable
to exploit the leak rather than publish them. The only savings that LastPass
can make is over the gap between insured value and their ability to not have
leaks.

[1] [https://bugcrowd.com/lastpass](https://bugcrowd.com/lastpass)

~~~
josefresco
I doubt most small businesses could afford a bug bounty that would exceed
potential illegal profits from selling an exploit to bad actors. I don't think
the economics work at any scale. Could Google, Apple or Microsoft even outbid
a nation state seeking to purchase an exploit?

~~~
nhstanley
No, but I think as long as the bug bounties pay enough to keep someone
comfortable (along with added notoriety/resume padding with it), you'll have
enough moral people choosing to reveal them to the companies rather than bad
actors. Maybe that's naive. $1k bucks though probably isn't that number. More
like $50k or $100k for 0-day level stuff.

~~~
emodendroket
Well, maybe, but states don't just have more resources to buy exploits; they
also have more resources to devote to finding them in the first place.

~~~
cookiecaper
States are not really the buyers to be concerned about. In many cases, the
state already has tools that give them enhanced access to target data, all the
way up to the authority to obtain and execute warrants. The people that are
really worrisome are private malicious actors.

------
verbify
LastPass always represented a single point of failure for me, although still
better than what people usually do - same password across all services.

One interesting method I recall, involving no third-party services, is a
concatenation of a random string with some of the letters of the service I'm
using, e.g. the first and last letters of the website I'm on. So if the random
string is xPv4rz and I'm on HackerNews, the string becomes hsxPv4rz.

~~~
jjoonathan
The problem is that you don't have control over password requirements, so
you'll rapidly accumulate exceptions. What if they require (or assign) a PIN?
Security questions? What if they assign a number as your login? Require a
special character? Forbid special characters? Require >6 chars? Forbid >6
chars? Forbid your password from matching previous passwords? What if they
don't show you the domain? What if the domain changes during login (see:
Cambridge Savings Bank)? What if the domain changes over time? What if the
company name changes? What if they lock you out after 3 attempts and you burn
up all three trying to remember the variation you were forced to use?

I tried the combination scheme for a bit over a year. I was in denial about
how poorly it was working until I started getting politely teased by casual
acquaintances about being the guy who could never remember his passwords.
There are accounts I'm still permanently locked out of. It was bad.

By comparison, LastPass has been great. More secure passwords, less forgetting
them. Eventually I want to move to a password archive that's physically
separate from the computer, but for now I'm happy with no longer dreading
login screens.

~~~
tripzilch
Well regardless of your scheme, you should still write down your passwords!

Just because it's not feasible to lug a moleskine with that long long list of
passwords to everywhere as a "password manager" solution, doesn't mean that
you shouldn't write them in that notebook, which you store in a safe place.
Not for quick & easy access, but for _backups_.

You don't have to do it on paper, but it's a good choice because it's low-tech,
easy for anyone to use (bus-factor, next-of-kin) and exactly as secure as your
common sense, making it exactly as secure as anything else you can use.

Being unable to access accounts, because you forgot the passwords, that you
didn't write down anywhere is equivalent to losing data because you didn't
make backups. Which we also tease people about, right?

Have you written down your LastPass master-password anywhere?

~~~
jjoonathan
The tone of your lecture suggests that you think I disagree. Which is odd,
because from where I'm sitting your central claim looks like a corollary to my
conclusion.

------
cheez
Well-written article and some things I had thought of myself but ignored. It's
not that other systems might be more secure, but reducing attack surface is
important. So, is there something that lets me access my passwords on all my
computers and phones without having to manually sync? Perhaps something +
Dropbox?

~~~
distances
I've been using Dropbox/ownCloud + KeePassX/KeePassDroid for years now.
Putting the password in is a manual step, but that also means I feel like
being more in control. Very happy with the setup.

~~~
neuro_imager
As someone with very little knowledge of encryption etc. please advise - how
safe is dropbox? I would have guessed it would be a relatively frequent target
for blackhats.

~~~
4096
I would consider it not safe because it was one of the companies mentioned on
the NSA slides. You can still sync your Keepass(x) file with Dropbox if you
have a good password (key file is recommended) on the database file.

Instead of Dropbox you can also use
[https://spideroak.com/](https://spideroak.com/) They have a really handy
program which lets you control a lot of things and they are a "zero knowledge"
cloud provider, all your data is encrypted. Snowden recommends them:
[http://www.theguardian.com/technology/2014/jul/17/edward-sno...](http://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak)
For $12 a month you get 1 TB, which you can use as a safe off-site backup
location.

~~~
gecko
Note that, while SpiderOak is arguably more secure than Dropbox, they rely on
a hybrid security model wherein they still have your encryption key on their
server, but encrypted with your local password. This matters because if your
password is ever compromised, however briefly—say, by using the mobile app or
the website, neither of which is supported in a secure manner (they make this
very clear)—then all your data would be permanently compromised, with no way
to rotate your keys and re-encrypt your data before someone gets access to it,
short of blowing out your account. I get why things work this way, but still,
yuck.
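The key hierarchy gecko describes above, as an added illustration. This is not SpiderOak's code or protocol; it assumes a generic model in which the service stores the user's data key wrapped under a password-derived key, and every stored blob is encrypted under that data key. The primitives are standard-library toys (PBKDF2, an HMAC-SHA256 counter-mode keystream, an HMAC tag) standing in for whatever the real client uses; the point is the key structure, not the cipher.

```python
# Added illustration, not SpiderOak's code or protocol: a generic "data key
# wrapped under a password-derived key" hierarchy, and why a one-time password
# compromise stays fatal until the data itself is re-encrypted. Primitives are
# stdlib-only toys (PBKDF2, HMAC-SHA256 counter-mode stream, HMAC tag).
import hashlib
import hmac
import secrets


def kdf(password: str, salt: bytes) -> bytes:
    """Password -> 32-byte wrapping key. A real service would prefer a memory-hard
    KDF (scrypt/Argon2); PBKDF2 is used here because it is always available."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from `key`; returns nonce|ct|tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class Account:
    """Server-side record: the data key only in wrapped form, plus the blobs
    encrypted under it. The plaintext data key is never stored here."""

    def __init__(self, password: str):
        data_key = secrets.token_bytes(32)            # generated once, client-side
        self.salt = secrets.token_bytes(16)
        self.wrapped_key = seal(kdf(password, self.salt), data_key)
        self.blobs = []

    def unlock(self, password: str) -> bytes:
        return open_sealed(kdf(password, self.salt), self.wrapped_key)

    def store(self, password: str, data: bytes) -> None:
        self.blobs.append(seal(self.unlock(password), data))

    def change_password(self, old: str, new: str) -> None:
        """Re-wraps the SAME data key; nothing encrypted under it changes."""
        data_key = self.unlock(old)
        self.salt = secrets.token_bytes(16)
        self.wrapped_key = seal(kdf(new, self.salt), data_key)

    def rekey(self, password: str) -> None:
        """Real rotation: fresh data key, every blob re-encrypted (cost: all data)."""
        old_key, new_key = self.unlock(password), secrets.token_bytes(32)
        self.blobs = [seal(new_key, open_sealed(old_key, b)) for b in self.blobs]
        self.salt = secrets.token_bytes(16)
        self.wrapped_key = seal(kdf(password, self.salt), new_key)


def leaked_key_survives_password_change() -> bool:
    """Password seen once (e.g. via an insecure client), data key unwrapped, then
    the user changes the password. Can the attacker read data stored afterwards?"""
    acct = Account("correct horse")
    stolen = acct.unlock("correct horse")           # the one-time compromise
    acct.change_password("correct horse", "battery staple")
    acct.store("battery staple", b"written after the password change")
    return open_sealed(stolen, acct.blobs[-1]) == b"written after the password change"


def leaked_key_survives_rekey() -> bool:
    acct = Account("correct horse")
    acct.store("correct horse", b"old secret")
    stolen = acct.unlock("correct horse")
    acct.rekey("correct horse")
    try:
        open_sealed(stolen, acct.blobs[0])
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("leaked key reads new data after password change:", leaked_key_survives_password_change())
    print("leaked key reads data after full rekey:", leaked_key_survives_rekey())
```

`change_password` only re-wraps the same data key, so whoever unwrapped it once keeps reading everything stored afterwards; that is the "no way to rotate your keys" problem in the comment. `rekey` shows what real rotation costs: decrypting and re-encrypting every blob, which a provider that never sees plaintext cannot do on the user's behalf.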

~~~
tombrossman
Also worth pointing out that neither Dropbox nor SpiderOak is fully open-source,
so you are having to place some degree of 'blind trust' in either
service. It is in their own best interests to have great security so that
customers trust the product, but this cannot be verified by someone outside
the company.

~~~
implicit_none
SpiderOak'er here; as a reminder, we also offer Encryptr, our own password
manager:
[https://spideroak.com/solutions/encryptr](https://spideroak.com/solutions/encryptr)

Which itself _is_ open source:
[https://github.com/SpiderOak/Encryptr](https://github.com/SpiderOak/Encryptr)

~~~
flanbiscuit
Been using this for a while and I'm liking it so far.

When are exporting and offline access coming?

------
4096
There is also QTpass: [https://qtpass.org/](https://qtpass.org/)
[https://github.com/IJHack/qtpass](https://github.com/IJHack/qtpass)

------
Bedon292
If we choose to still use LastPass, what are the best practices to make these
exploits less usable? They have some at the bottom, but I was wondering if
they missed any.

Looks like there is an option to disable storing the dOTP on each machine? Kind
of a pain to change on every device, but OK. Sounds like a good idea. What else
is there?

~~~
nissehulth
There are some good recommendations at the end of the article/presentation,
but also note that Lastpass seems to have fixed (at least some of) the issues
already.

------
VLM
It's interesting that the Unix world outlook of simple tools doing one thing
makes this simple. My encryption layer is encfs, my storage and sync layer is
Dropbox (although I used unison a long time ago), and I don't use the browser
interface layer, so I hand-type passwords. At least this way I never forget
any. Oh, and for password creation I use pwgen for important stuff (the credit
union) and silly names for unimportant stuff (social media).

Individually those small simple tools are well optimized and pretty safe. Yet
monolithic top to bottom windows style all in one solutions always fail
miserably such that it smells impossible to actually implement. Which it might
be, for practical, and possibly legal, reasons.

This is interesting because it's a real-world example of what happens if you
let the general public be Unix sysadmins.

It is possible that, just like some knowledge is only for the cognitive elite,
some computer automations and features are inherently, by the complexity of
what they do, only for the computational elite. If this isn't a specific
example of something on that borderland, it's an interesting topic to think
about in general.

------
mohsinr
Thank you for sharing! Lastpass user here

\- country restriction enabled - CHECK

\- 2fa enabled - CHECK

\- TOR disabled - CHECK

~~~
el_duderino
Where is disabling TOR connections in LP settings? Can't seem to find it.

~~~
mipapage
Vault -> Account Settings -> Show Advanced settings

~~~
el_duderino
Ah! Not sure how I missed that, thanks.

~~~
mipapage
You're welcome!

------
plusquamperfekt
PasswordSafe + DropBox

[http://passwordsafe.sourceforge.net/](http://passwordsafe.sourceforge.net/)

~~~
uptown
Dropbox is the weak link, as your encrypted datafile is likely accessible to a
determined 3rd party.

~~~
coldpie
If an attacker is able to find my storage repo, identify my database file,
discover what type of encryption I'm using, and figure out the key to decrypt
it, then you know what, they've earned my credentials :)

------
thomasahle
Could I use multiple services like LastPass, and then have my password be the
xor of all of those? That way each service would have to fail at the same
time, or I would have time to change the stolen piece?

~~~
jerf
The XOR of two ASCII password characters tends to produce characters in the
control code section of ASCII, which you may have some trouble convincing
those services to store. You could define your own XOR based on an enumeration
of password characters, but that's getting into a lot of work for this idea...
it had better be good.
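The two points in the exchange above, as an added example that is not part of the thread: byte-wise XOR of two ASCII passwords lands most output bytes in the control-code range, and the "XOR based on an enumeration of password characters" jerf suggests amounts to additive secret sharing modulo the alphabet size, which keeps every share a storable password string. The alphabet (94 printable ASCII characters) and the sample passwords are choices made for this example.

```python
# Added example (not from the thread): what XOR-splitting a password across
# several managers actually produces, and the alternative jerf suggests:
# define the combining operation over an enumeration of printable characters
# rather than over raw bytes, so every share is itself a storable password.
import secrets
import string

# Shared enumeration of allowed password characters (94 printable ASCII).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
INDEX = {c: i for i, c in enumerate(ALPHABET)}
N = len(ALPHABET)


def xor_strings(a: str, b: str) -> bytes:
    """Byte-wise XOR of two equal-length ASCII strings (the naive scheme)."""
    return bytes(x ^ y for x, y in zip(a.encode("ascii"), b.encode("ascii")))


def has_unprintable(data: bytes) -> bool:
    """True if a text field would reject or mangle this value (control codes,
    DEL, or anything outside 7-bit ASCII)."""
    return any(b < 0x20 or b > 0x7E for b in data)


def split_over_alphabet(password: str, n_shares: int) -> list:
    """Additive secret sharing modulo N over ALPHABET.

    The first n-1 shares are uniformly random; the last is chosen so that the
    column-wise sum of indices equals the password's indices mod N. Any n-1
    shares reveal nothing about the password (one-time-pad argument)."""
    if n_shares < 2:
        raise ValueError("need at least two shares")
    idx = [INDEX[c] for c in password]          # KeyError for chars outside ALPHABET
    shares = [[secrets.randbelow(N) for _ in idx] for _ in range(n_shares - 1)]
    last = [(v - sum(s[pos] for s in shares)) % N for pos, v in enumerate(idx)]
    shares.append(last)
    return ["".join(ALPHABET[i] for i in s) for s in shares]


def recover_over_alphabet(shares: list) -> str:
    """Column-wise sum of share indices mod N gives the password back."""
    length = len(shares[0])
    return "".join(
        ALPHABET[sum(INDEX[s[pos]] for s in shares) % N] for pos in range(length)
    )


if __name__ == "__main__":
    # Naive XOR: six of these seven output bytes are control characters.
    raw = xor_strings("hunter2", "correct")
    print(raw.hex(), "unprintable" if has_unprintable(raw) else "printable")

    # Alphabet-based scheme: three shares, each a valid password string.
    parts = split_over_alphabet("Tr0ub4dor&3", 3)
    print(parts)
    print(recover_over_alphabet(parts))
```

Each share is a random-looking string of the same length as the password, so any one manager's vault leaking gives the attacker nothing; the flip side is availability, since losing any single share loses the password for good. The scheme also inherits every constraint jjoonathan lists: a site that forbids a character in ALPHABET forces a different alphabet for that site alone.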

------
chinathrow
"What I am saying is that LastPass adds Javascript payloads to your encrypted
vault in cleartext. Javascript code that will be injected and run in every
page load in the domain’s context. While this is a legitimate feature, it
gives LastPass the possibility of stealing all your credentials."

Ouch ouch ouch. How did they think that was a good idea anyway?

------
nilved
LastPass has jumped the shark. Major vulnerabilities were disclosed in 2011
and now 2015. Their purchase by LogMeIn is not inspiring. I closed my account
and started using KeePass (by way of KeePassDroid) stored in Google Drive.
This way only I control the encrypted data.

~~~
tP5n
Data uploaded to Google Drive is not data _only you control_. You may believe
only you control the _unencrypted_ data, but that is up for you to decide. If
you read the entire post the author states:

"To finish, we want to point out that the security team at LastPass responded
very quickly to all our reports and lot of the issues were fixed in just a
couple days. It was very easy to communicate and work with them.

We have seen media and tweets mentioning that we “hacked LastPass”. We did not
hack LastPass. We also don’t feel comfortable with those claims. What we did
is find a number of bugs, bad practices and design issues which we used to
obtain the vault key and decrypt all passwords in different scenarios. There
is no bug-free software and any future research on other password managers
would likely have similar results."

... which is doubly worrying if you do not control the data you believe to be
securely encrypted.

------
amelius
Product idea: a smartwatch with stored passwords combined with a USB
plug-adapter for a keyboard (daisy-chain style). Eventually, computer
manufacturers could incorporate the USB adapter into the computer itself.

~~~
virusduck
[https://www.blooky.com/](https://www.blooky.com/)

Although, I'm not sure they met their kickstarter goal.

~~~
owenversteeg
Nope, not met. $4001/$250k. Ouch.

[https://www.kickstarter.com/projects/339603800/blooky-wirele...](https://www.kickstarter.com/projects/339603800/blooky-wireless-bluetooth-password-key)

------
noondip
165 sloc of bash + gpg =
[https://github.com/drduh/pwd.sh/](https://github.com/drduh/pwd.sh/)

------
Roritharr
The only workable self-hosted solution I found was TeamPass, but I'm nowhere
near knowledgeable enough about itsec to make an audit.

[https://github.com/nilsteampassnet/TeamPass](https://github.com/nilsteampassnet/TeamPass)

~~~
Vendan
It may have changed recently, but as of about a year ago, a TeamPass
installation on a corporate network was my ticket as a pen tester to go from
plugging into the network to domain admin in 4 hours. Not the best of signs.

------
sfilipov
Whenever an article like that appears about a proprietary password manager, I
just wonder if there has been any audit on the popular open source ones like
KeePass. In fact I've heard that KeePass has some security issues. Is KeePass
more secure?

------
jld89
What do you guys think of clipperz? Is it safe?

------
dbg31415
Fucking depressing.

Thanks.

------
johnpowell
I just keep my passwords on a publicly visible website.

fastmail --- 31&84$ _KsATbUIOPalrwdklwdfjljklwdfljk31
&84$_KsATbUIOPal$*KsATbUIOPalrwdklwdfjljklw

apple --- CNK7wt5a2QcJ2T/qm9J+oc3JUvg/cR/uIrJ2qPgAePk

Then I mess with things. Say Rot5 for the last five characters of my Apple
password and ROT8 for fastmail. Not exactly what I do but you get the idea.

However, setting up the ATV4 took a few hours.

~~~
oneJob
I can't wait for the detailed HN post explaining how this scheme was defeated.

~~~
dsfyu404ed
    # This should be a start. It still needs to output all permutations of the
    # cipher applied over all possible substrings of the ciphertext, because not
    # all parts may have the same cipher applied, and it also needs to brute
    # force a salt up to a reasonable length preceding/following the output
    # text, since salting passwords with a memorized constant is common.
    from itertools import permutations
    from string import ascii_lowercase, ascii_uppercase, digits, punctuation

    def caesar_permutations(ciphertext):
        # Candidate alphabets. Every ordering is tried, and every prefix of each
        # ordering, so a shift can also hit only digits, only letters, etc.
        alphabets = [ascii_lowercase, ascii_uppercase, digits, punctuation + " "]
        seen = set()
        for perm in permutations(alphabets):
            alphabet = ""
            for p in perm:
                alphabet += p
                for i in range(len(alphabet)):
                    shifted_alphabet = alphabet[i:] + alphabet[:i]
                    table = str.maketrans(alphabet, shifted_alphabet)
                    candidate = ciphertext.translate(table)
                    if candidate not in seen:  # identity shifts repeat across prefixes
                        seen.add(candidate)
                        yield candidate

    if __name__ == "__main__":
        import sys
        for candidate in caesar_permutations(sys.argv[1]):
            print(candidate)

~~~
johnpowell
It is almost like I left out important parts of how I retrieve my passwords.

