Looking for explanation of how the stolen LP vaults would be cracked


tlmcca

Member
Jan 15, 2023
I've already switched from LP to BitWarden but I'd still like to know how you get from hash to text.

Some background to show where I'm starting from:

I understand the meanings of hash, salt and PBKDF2 but I can't get my head around what they mean in terms of how likely a hash resulting from using them can be cracked.
At the time the LastPass vaults were stolen my master password contained 5 lower case words separated by blanks with a symbol at the end. My iteration count at that time was 100,001. Unless my ignorance is blocking me from seeing something, I think my master password is safe from cracking. Please correct me if I'm wrong.
I'm also confused about the hashing of passwords for individual accounts stored in the vault. Are those hashes generated using the same process as is used for the master password?

So, what are the steps that the cracker would go through to get the plain text from the hash?

Thanks,
Terry
 
When cracking passwords in general (not just login credentials) you have approximately three options:
1. Try every likely (or possible) password (generate passwords to try)
2. Try every possible key for the encryption
3. Find a flaw in the approach or algorithm (or potentially in physical security, as in find the password written down, or phish it, or whatnot)

So now we need to know something about how the data is encrypted. If the file is encrypted with AES (AES256 in this example), then it has a key. That key is (or should be) a 256-bit random string of bits. It's nothing like a password, because it's binary, it would not be memorable unless converted to hex, and even then it wouldn't be especially memorable for a user. An example might be:
f2 f3 e2 0a cb f7 44 3f 61 8f aa 15 11 4f 51 68 b3 29 a3 53 ab 43 cd 9e a3 59 d3 91 4e e3 dd eb
In #2 above, the attacker would try 00......00 through FF......FF which is 2^256 possible values, and there just is no way this can ever be done in less than billions of years. (Trust me on the math, but I've covered it before.)

In order for the user to have a chosen password, there needs to be a way to convert the password into the key. This is done with a secure hash, like SHA256. Now there are two possibilities. One is to use the result of the hash directly as the key (as they're the same size), but this has a downside: if you change your password, the entire encrypted data file needs to be re-encrypted with the new key derived from the new password. Since there really is no reason to ever change the key and re-encrypt the file, it's frequently the case that the key derived from the password is just used to encrypt the key used for the rest of the file.

Quality encryption is indistinguishable from random binary noise. So if you enter the wrong password, and no checking of the password is done, then it could be used to decrypt the file, and it would result in garbage, but it would go undetected. The traditional way to solve this problem is to have some sort of "check value" be in the data (or a hash of the data) so that when the correct password is entered, the correct check value pops out, and the program can know you got your password correct.

So this is what the attacker must do for #1. They must generate plausible passwords, run them through all the steps, and then see if the password check passes. If it does not, then they try another password and so on. By putting PBKDF2 into the middle of all this password checking, the hope is to slow down this process to make it too inefficient to be able to check passwords, in hopes that no attacker would ever mount such an attack.
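
The password-to-key chain described in the post above, as an added example that is not part of the original thread: PBKDF2 turns the password into a key-encryption key, that key wraps a random vault key, and a check value tells a right password from a wrong one. XOR stands in for AES key wrapping (the Python standard library has no AES), and the salt size, check label and function names are assumptions.

```python
import hashlib, hmac, os, time

ITERATIONS = 100_001          # iteration count quoted in the first post
CHECK_LABEL = b"vault-check"  # assumed label for the check value

def derive_kek(password, salt, iterations):
    """Stretch the password into a 256-bit key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def check_value(vault_key):
    return hmac.new(vault_key, CHECK_LABEL, hashlib.sha256).digest()

def create_vault(password, iterations=ITERATIONS):
    salt, vault_key = os.urandom(16), os.urandom(32)
    kek = derive_kek(password, salt, iterations)
    vault = {"salt": salt, "iterations": iterations,
             "wrapped_key": xor(vault_key, kek),  # XOR stands in for AES key wrap
             "check": check_value(vault_key)}
    return vault, vault_key

def unlock(vault, password):
    """One password attempt: full PBKDF2 run, unwrap, compare check value."""
    kek = derive_kek(password, vault["salt"], vault["iterations"])
    candidate = xor(vault["wrapped_key"], kek)
    if hmac.compare_digest(check_value(candidate), vault["check"]):
        return candidate
    return None  # wrong password: the unwrapped bytes are just noise

def change_password(vault, old, new):
    """Re-wrap the same vault key; the bulk data is never re-encrypted."""
    vault_key = unlock(vault, old)
    if vault_key is None:
        raise ValueError("old password rejected")
    salt = os.urandom(16)
    kek = derive_kek(new, salt, vault["iterations"])
    return {**vault, "salt": salt, "wrapped_key": xor(vault_key, kek)}

if __name__ == "__main__":
    vault, _ = create_vault("five lower case words here!")  # constructed sample
    start = time.perf_counter()
    assert unlock(vault, "not the password") is None
    print(f"one wrong attempt cost {time.perf_counter() - start:.3f}s")
```

Every attempt, right or wrong, pays for the full PBKDF2 run before the check value can be compared, which is the slowdown the iteration count buys.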
 
Try every possible key for the encryption
I guess I could have mentioned the Distributed NET RC5 password cracking project. It was started back when RC5 was considered state of the art and there was a $10K US prize for cracking it. It encourages "idle" computers to help bulk crack password protected blocks of data, to show how long (i.e. difficult) such attacks can be. In the end, they kinda pivoted away from that effort, towards a mathematical problem known as Optimal Golomb Rulers (OGR.)

EDIT: Make sure you check out the statistics pages to get some sense of how much work this has all been.
 
A question I had after hearing the SN casts about LastPass is: "Isn't switching to another password manager without also changing all the passwords sort of pointless?" Seems to me that if you don't, eventually your LP vault could be opened and all your passwords available. Who cares what password vault contains your passwords if they're the same passwords? I don't recall either Steve or Leo mentioning this point.
 
A question I had after hearing the SN casts about LastPass is: "Isn't switching to another password manager without also changing all the passwords sort of pointless?" Seems to me that if you don't, eventually your LP vault could be opened and all your passwords available. Who cares what password vault contains your passwords if they're the same passwords? I don't recall either Steve or Leo mentioning this point.
My thoughts exactly which is why I changed the passwords for all my critical accounts even before switching to BitWarden. I think I'm going to change them all again since I don't know what remnants of my old LP vault still exist with the new passwords.

Terry
 
without also changing all the passwords
I believe everyone has suggested this if they are also suggesting abandoning LastPass. I will be honest that I don't store any password of value (like banks or insurance, etc) in my vault because I just don't trust my vault that much. Not so much the security of the encryption, as my password is long, but the possibility I might somehow get phished or otherwise compromised. So while I should probably change any password in my vault, I am not in a huge rush, because there is nothing much of value in there. If you really want to compromise my WEMO settings, I guess you can have fun when I next haul it out for the Xmas tree. ;)

I'm not suggesting you shouldn't change all your passwords... but only you know how vulnerable you are/feel and thus how much of a rush you should be in.
 
Probably the most important password that anyone has is for their Email account. If that gets compromised, an attacker can reset most other passwords with an email exchange.
 
Probably the most important password that anyone has is for their Email account. If that gets compromised, an attacker can reset most other passwords with an email exchange.
Yes reason I updated my email password, got the 2FA sent to the other phone and accepted it, then updated the email in LP itself. Then exported the vault again, and it is sitting in a safe location.