LastPass Iteration Count - Freely Available?



Techabilla

Member
Jan 4, 2023
I was curious about where the password iteration count was stored. Not in the vault apparently. So I tried watching the network connections as I logged into LastPass in an incognito window.

On my first attempt, I entered what I thought was the correct master password but the login failed. Before going any further, I looked at the list of network transactions and noticed a single POST to 'iterations.php' with my email address in the payload, and sure enough the response contained the correct iteration count for my vault (>500,000) - even though I had not authenticated.

I tried to replicate the transaction using POSTMAN, but could not make it work; the returned value was always 100,100.

I repeated the test several more times in fresh incognito windows and using bogus passwords; each time the POST to 'iterations.php' returned the correct iteration count for my vault.

So, even if by some miracle the iteration count was not in the metadata lost in the breach, it seems to be freely available from LastPass.

(Chrome on Windows 10)

EDIT: On reflection, the iteration count is probably essential to be able to correctly hash the master password for purposes of authentication, so it's probably no surprise that this is the case !!
 
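To make the EDIT's point concrete, here is a small model of a client/server login where the server stores only a hash of the PBKDF2-stretched master password. It is an added example, not LastPass's code or protocol, and everything in it is a constructed assumption: the salt derived from the email, the hypothetical `iterations_endpoint` standing in for the observed `iterations.php` call, the account email, password and counts. It shows why a client has to learn the count before it can authenticate, and why the right password stretched with the wrong count fails.

```python
import hashlib
import hmac

# Constructed in-memory "server" state for the model; not LastPass's data model.
SERVER = {}
DEFAULT_ITERATIONS = 100_100  # the value the original poster saw returned for an unknown account


def salt_for(email):
    """Model assumption: the KDF salt is derived from the account email."""
    return hashlib.sha256(email.lower().encode()).digest()[:16]


def stretch(password, email, iterations):
    """Client-side key stretching: PBKDF2-HMAC-SHA256 over the master password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt_for(email), iterations)


def auth_hash(password, email, iterations):
    """What the client sends to log in: a hash of the stretched key, never the key itself."""
    return hashlib.sha256(stretch(password, email, iterations)).digest()


def register(email, password, iterations):
    """Server side at account creation: remember the count and a verifier."""
    SERVER[email] = {"iterations": iterations, "verifier": auth_hash(password, email, iterations)}


def iterations_endpoint(email):
    """Unauthenticated lookup (hypothetical stand-in for the observed 'iterations.php' call)."""
    rec = SERVER.get(email)
    return rec["iterations"] if rec else DEFAULT_ITERATIONS


def login(email, submitted_auth_hash):
    """Server side: constant-time compare against the stored verifier."""
    rec = SERVER.get(email)
    if rec is None:
        return False
    return hmac.compare_digest(rec["verifier"], submitted_auth_hash)


def demo():
    email, master = "alice@example.com", "correct horse battery staple"  # constructed sample
    register(email, master, 600_000)
    n = iterations_endpoint(email)  # the pre-authentication round trip
    ok = login(email, auth_hash(master, email, n))
    # Same correct password, but stretched with the default count instead of the account's own:
    wrong_count = login(email, auth_hash(master, email, DEFAULT_ITERATIONS))
    return ok, wrong_count


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The count is a public parameter of the key derivation, like the salt: it must be retrievable by anyone holding the email address, so the secret that protects the vault is the master password's entropy, not the number of rounds.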
This is really valuable research. Thank you. 🙏

You're right that the iteration # is necessary to decrypt the vault, but LP does not seem to have appreciated the sensitivity of the value to potential cracking....

But as @Steve notes 54 min into #905, you get greater security by adding characters to pwd than increasing iterations.
 
Thanks.

I'd be interested to see if the iteration count is still available by that route after an account has been deleted. I'll try it when I eventually delete my account.
 
The good news for anyone who lost their vault (every LastPass current user, at least) is that the attackers are not using LastPass' presentation layer, probably, to try to decode the vaults - correct? This means that they may well be guessing the iteration count necessary to open vaults and this will cost in time and compute.

What is also not clear is what the trigger is or was to move from 1 to 500 to 5000 and to 100'100 iterations and when the change from ECB might have happened. It is also not clear, at least to me, as to whether the vault is encrypted plus each entry.

I hope my vault, deleted 2 years back, was not in their backups. If their retention policies were long then :eek: but I would expect given their ownership, cheap to be the saviour for me. Certainly, I cannot use my email address to claim a forgotten password so it would suggest from live, relatable datasets being queried that my vault cannot be found.
 
I've looked at a couple of LastPass 'technical' documents. The figure 30 days backup retention stuck in my mind. I don't recall anything about additional encryption for data at rest, but who knows....
 
2015, so all would be sitting with 5000 counts, unless you had changed it (the old Gibson complaint of the Tyranny of the default) to something, though I also likely had mine lost, though by the date shown I had already migrated to a longer password with the need to upgrade the vault, going to over 20 characters in the password, which probably means over 50 bits of entropy in the password now.

Pointless to delete your data, as it is out there now, along with the email address, so there likely is somebody going to write a script to attempt every single password, with the 5000 count that was the default then, and attempt to open every vault possible. So probably a good idea to change all passwords you have had since then that have not been updated since 2015, and to turn on 2FA auth as well, which with Gmail also means you can have trusted devices as well.
 
So a thought just occurred to me. If you still have access to LastPass, and if you haven't already, maybe change your iteration count now. On the assumption that the attackers can query LastPass for the CURRENT iteration count, they can't use that info against the OLD data they now have. (This, of course, assumes they don't have the "correct" value already.)
 
I checked my iterations count after last weeks podcast, and found a number different from 1, 500, 5000 or 100100. I don't recall exactly what it was, but the numbers that come to mind are 3500 and 35000. This was the result in 3 of the 5 LastPass Families accounts that I maintain. A 4th account is active, but owned by my daughter. The fifth was never set up by the person I sent the invitation to. I'd never heard of this setting before last week's podcast, so was not responsible for making this change. (Unless it was mentioned on Security Now sometime in the past and I'd changed it and forgotten about it...)

Honestly, I'm having trouble wrapping my head around how this situation is causing so much panic, aside from the shameful conduct of LP leaving the iteration count at 1 on many users. After listening to the details on the time it could potentially take to brute-force a single account, I have to wonder what an attacker's approach would be to single out one to attack, from a huge collection of every LP user's encrypted vaults. How would one target my account, for example? I'm just an ordinary Joe. Sure I've got banking and credit card information in my private notes, but I'm not worth much. How would I be singled out for attack from terabytes worth of encrypted data belonging to millions of LP users?

I do understand the scenario that a brute-force attempt could be completed in just over a minute, but that's under unusual circumstances, with a large number of GPUs working on the problem, and that's after the account is selected for evaluation.

I'm not discounting the possibility that it could happen to me. I'm looking at moving to Bit Warden, but I'm not exactly staying awake at night worrying about my LastPass vault being plundered. I'd prefer that the chances/risks were 0, but it seems to me that they are, in actuality, pretty close to that as it is.

LastPass has let us down, no question about that.
 
The good news for anyone who lost their vault (every LastPass current user, at least) is that the attackers are not using LastPass' presentation layer, probably, to try to decode the vaults - correct?
There's a setting in LastPass to deny logon from certain locations (Geo-IP-based, I'd guess). I wonder if those settings are respected by the settings.php endpoint. Assuming the bad guys are in a different country, that might provide a measure of re-assurance.

Similarly, if your account is deleted, would the endpoint return anything? The default maybe (100,100 - this is what it seemed to give back to POSTMAN).
 
Hi all. I've been sort of ignoring the latest Lastpass brouhaha since, as of a few weeks ago, I didn't think it was a big deal. I just listened to SN 905, which I'm going to do again, along with SN 904. Now, my thought is ...

... Blast. ...

Maybe it is a big deal. I may have to think about changing all my passwords and maybe migrating off of LP. I have a pretty decent master password, and I THINK I set my iteration count to 100,000 more or less before. I'll have to check that. I've tried Bitwarden once before and had problems. Don't know, may try it again. @Steve recommended bumping the count up to 1,000,000 in SN 905. Also, I think when he recommended going to 100,000 a few years ago that he mentioned making it something which varied a bit from the standard number could help.

@Steve and Leo, I just want to say THANK YOU for all the info you've shared in the last 15 years on the SN podcast. That info has been critical, integral, pivotal, to helping me survive the modern computer world. I adopted LP probably a decade ago because you recommended it. I may have to abandon it now for the same reason. I hate that, but at least I know. Another thing @Steve and Leo mentioned in SN 905 is that LP could go out of business. That's a scary thought too. Maybe time to start thinking about keeping 1 or more local copies of your password database blob, however one does such things.

Guess I get to spend my weekend figuring out how to deal with this issue and whether it affects any family.

:(

May your bits be stable and your interfaces be fast. :cool: Ron
 
Here's some more Lastpass information that you might find helpful. I just changed my iteration count to over 1 million on two accounts. I have hundreds of passwords. My dual core 2 GHz Windows 7 machine now takes about 1 minute to access the LP database including time for me copying and pasting a 2FA code. Of course, that doesn't affect the compromised backup database that was stolen.

Here are several resources on the LP site that might help you. I can never remember how to get into account settings and it's not obvious from the lastpass.com website. I can't get into it from the vault from the browser plugin for some reason. I have to go to the website.

This page explains how to change the iteration count.


including the magic address that I can never find. I had to put this in quotes so the forum wouldn't decode and substitute a url block for it. I want you to see it. Remove the quotes when you use it:

"https://lastpass.com/?ac=1"

Note that my.lastpass.com doesn't work and lastpass.com/my.php doesn't work.

This blog post:


talks about the security incident. It says that if you're following their recommendations for you master password, you should be OK. I agree with @Steve that they should have automated the iteration count change and that they should be more proactive on notifying users of a problem. But, it looks like they're doing the right stuff behind the scenes. The iteration count on one of my accounts was ~ 20,000 and on another it was ~100,000. My master passwords are pretty good quality, so I think, right now, I'm still sticking with LP. I do believe I'm going to put some time and effort into having some kind of backup of the database and also verifying that all my devices can login and that I can access the database while not having access to the internet. I've had problems with that in the past.

This talks about what your master password should be like:


This talks about their zero knowledge architecture:


This is a whitepaper describing their systems:


I'm still going to review their tech data again and SN 904 and SN 905 again to make sure I haven't missed anything. But, for the moment, I'm still with LP. At the moment, also, I'm NOT changing all my passwords at all the sites.

Hope this is helpful.

May your bits be stable and your interfaces be fast. :cool: Ron
 
FYI, PS, this is a quote from the blog post from Lastpass:

"If you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology. Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture. There are no recommended actions that you need to take at this time.

However, it is important to note that if your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimizing risk by changing passwords of websites you have stored."

May your bits be stable and your interfaces be fast. :cool: Ron
 
PPS I also want to put a plug in for @Steve 's Password Haystacks page which I just visited in regards to Lastpass. You can put a password in, or if you prefer, something with a similar structure to your password in terms of the number of upper case, lower case, digits, and symbols in your password. The web page says nothing ever leaves the page so what you put in isn't going back to the mother ship. You can get an idea of how long a massive cracking array, or even simpler things, would take to crack your password. I would also recommend reading the page. Pay special attention to the discussion about PADDING. So, I put in something like the structure of my Lastpass password and it said 7.34 billion trillion trillion centuries to crack. It's a pass phrase with at least 25 characters and various types of padding. It has actual words in it, so the calculation is optimistic maybe, but I still think I'm OK.


May your bits be stable and your interfaces be fast. :cool: Ron
 
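Several posts above reason about the same arithmetic: the remark that adding characters to the password beats raising the iteration count, the estimate of how long a GPU array would need per account, the login delay people saw after moving to 1,000,000 iterations, and the Password Haystacks search-space figure. The following added example (mine, not from the thread, GRC or LastPass) puts that reasoning in one place. The attacker's HMAC rate, the character-set size and the password lengths are assumptions you supply; the only measured value is the local PBKDF2 time on the machine running it.

```python
import hashlib
import math
import time


def search_bits(length, charset_size):
    """Entropy, in bits, of exhaustively searching `length` characters drawn from `charset_size` symbols."""
    return length * math.log2(charset_size)


def char_gain(charset_size):
    """Multiplier on attacker work from one extra character of the same character set."""
    return charset_size


def iteration_gain(old_iterations, new_iterations):
    """Multiplier on attacker work from raising the PBKDF2 iteration count."""
    return new_iterations / old_iterations


def expected_seconds(length, charset_size, iterations, hmac_per_second):
    """Expected time to find the password by exhaustive search.

    On average half the space is tried, and every guess costs `iterations`
    HMAC-SHA256 computations. `hmac_per_second` is the attacker's raw HMAC
    throughput; it is an assumption, not a benchmark from this page.
    """
    guesses = charset_size ** length / 2
    return guesses * iterations / hmac_per_second


def measure_pbkdf2(iterations, password=b"constructed-sample", salt=b"constructed-salt"):
    """Wall-clock cost of one unlock at this count on this machine (the delay posters reported)."""
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return time.perf_counter() - t0


if __name__ == "__main__":
    rate = 1e9  # assumed attacker HMAC-SHA256 rate per second; replace with your own estimate
    print(f"one extra character from a 95-symbol set: x{char_gain(95)}")
    print(f"100,100 -> 1,000,000 iterations:          x{iteration_gain(100_100, 1_000_000):.2f}")
    for length, its in [(8, 100_100), (8, 1_000_000), (9, 100_100)]:
        bits = search_bits(length, 95)
        secs = expected_seconds(length, 95, its, rate)
        print(f"{length} chars ({bits:.1f} bits) at {its:>9,} iterations: {secs:.3e} s expected")
    for its in (5_000, 100_100, 1_000_000):
        print(f"{its:>9,} iterations: {measure_pbkdf2(its):.3f} s per unlock here")
```

The comparison in the output is the whole point: going from 100,100 to 1,000,000 iterations multiplies the attacker's work by about ten and your own unlock time by the same ten, while one more character from a 95-symbol set multiplies the attacker's work by 95 and costs you nothing at login.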
I would say that, along with the actual vault data, part of the metadata taken is actually the hash count, as that would be very closely tied with the email address, as after all both are needed, so the database would have both together, along with the blob.
 
However I also updated iteration count to a random more than 5 digit number, at least bolting the stable door, and the entire thing, including the logging in again, took exactly a minute to do, watching the clock count up seconds, with the password re-prompt coming after 50 seconds.
 
Listen to the latest SN. Iteration count is not secret, it cannot be.
Strong password is the solution.
 
Public service announcement for Lastpass users. My LP extension is working fine in Brave and Firefox. However, ALL the extension settings were apparently reset in both browsers including things like whether I want auto fill, auto logoff, whether to fill addresses, whether to fill credit cards, etc. So, check your extension settings to make sure they haven't changed. You may be surprised what they're set to, and they may not be what you want or set before. It also keeps wanting to give me a tour of my vault and I keep saying never. This is very poor update management in my opinion.

May your bits be stable and your interfaces be fast. :cool: Ron
 

This one I also had a few days ago but solved it by re-installing the extension.
 
Public service announcement for Lastpass users.
A little strange replying to myself but I wanted to give an update. My LP extension in Brave has, again, reset all its preference settings. Just passing it along. This is getting really old. I'm going to have to allocate an afternoon to doing nothing but troubleshooting, reinstalling, and configuring LP. Use this info for what it's worth.

May your bits be stable and your interfaces be fast. :cool: Ron