LastPass breach and implications for BitWarden

I think 1Password only has a blockchain seed template you can use within 1Password. I don’t remember LP having a similar template. It encourages a very poor security practice.

That’s a very very good point from 1password in my opinion. I’m a Bitwarden user and I’m also trying to see what Bitwarden thinks about this. Adding a 256 bit random secret key to your password that’s only stored locally on the device or paper means that the vault is encrypted by two different factors, your password, and the secret key. The 2fa options that Bitwarden offers are only when logging in, but if someone has the vault, they only need your password and can theoretically be brute forced (as far as I understand). The people that keep saying that Bitwarden is just as good if you use a good password are missing the point in my opinion:

-first of all, you don’t improve or become the best, if your mentally is “it’s good enough”. If a hypothesis suggests that something can make things even better, then it should be studied really hard.

  • people keep making calculations to show that if you have a password of particular length that it will take a million years or whatever to crack, but the reality is it would be extremely difficult to create a truly random master password, people will often create a password that they can remember but they think will be difficult for someone else to guess. Having a password made of words, while substitution numbers for letters such 4 for A, 7 for T etc (leet speak), and then adding a suffix of numbers or special character is not as secure as people think. That’s because password crackers are way more sophisticated than people think, they don’t try different random letter combinations one by one like people think, so all those calculations of how many years it will take doesn’t even apply. Password crackers can do a dictionary attack and do all these tricks of substitutions and suffixes, the dictionary of words come from previously leaked passwords such as the millions that yahoo leaked and the million others that some other company leaked and so on, the password cracker will start with the passwords that are more common, and depending on the algorithm selected it can guess from there the substitutions and additions etc … if you thought of a password, then someone else can think of it as well.
    Your particular password doesn’t even have to be used or leaked before, if a similar password or similar part of your password was leaked then the cracker may guess correctly. Normally this isn’t such a big issue when talking about online login password because you usually get locked out after 10 wrong tries or so but when you can try as many times as you want to unlock your vault, then we have to think of the issues.
    -Another point is that even if your personal password is a gazillion characters long and no way in hell it will be cracked, the reality is that other people’s password are not as strong, and hackers know this, so there will be incentive to get their hands on the vaults and try to crack the weak vaults, meaning hackers will focus on Bitwarden in general. But having a secret key added to every vault like 1password said, means that even people who have week passwords will be very very difficult to crack since it still has a random 256 bit secret key, so hackers wouldn’t bother with password managers that do that, and will focus their attention on others that don’t use this additional secret key (which at the moment is LastPass and Bitwarden unfortunately).

Note I’m not a technical person so I may have got something wrong, but I strongly feel that this topic should be given enough attention and studied with self critique, not by being defensive of current practices and just saying use a stronger password etc…

1 Like

I don’t have much doubt that 1password is pretty much the gold standard of security.
The fact that they enforce the use of the secret key tells me they prioritise their users security over business.

However, I have come to BW because I didn’t want to be forced to use a secret key file.
Yes my password has to be longer (much) than it would in 1password but managing the secret key file sounded like too much of a PITA.

Hey Mycenius, I have just read the two first pages for the moment. Really AMAZING.
“Devil hides in details”.

Are we sure that that kind of security flaws don’t exist in Bitwarden environment? Who knows.

May I introduce you to a readily available source of pure entropy called “dice”? Dice rolls are a great way to create an uncrackable passphrase. And if you don’t want to read the instructions and roll the dice yourself, you can use an online passphrase generator (such as this one, this one, or this one).

Other than the above quibble, I don’t disagree with anything you wrote.

I might play devil’s advocate and say it’s the opposite — 1Password enforces the secret key to protect their business, to “CYA” so that they are not liable if their servers are breached. More charitably, they want to reduce the “attractiveness” of their servers to attackers (which they have admitted was a motivation for this feature).

Tonight I received a notice from MS Authenticator asking me to approve a login attempt (while I was watching TV). Just now got around to looking it up as I had previously denied it. Came from IP, which is – “networking sharing device or proxy server” out of Rotan Texas. ISP is listed as Rydell Properties, LLC. No way a .de domain name is from Texas. Unfortunately, logging into doesn’t ask for your password. It usually defaults to sending the MS Authenticator app prompt first. I wish there was a way to change that.

This is very suspicious given the recent LastPass incident. I’m assuming I don’t need to change my password since Microsoft isn’t asking for the password currently and I denied the login attempt.

That is listed as a TOR exit node. The purpose of TOR is anonymous communication, the person making the login request could be anywhere in the world.

I would be very scared. :scream:

I know it’s difficult to estimate password entropy but did you have a weak password or low iteration?

No, it’s a lengthy password. That’s not how Microsoft’s accounts work though. The majority of times, it doesn’t ask for a password. You enter your email address and it sends an authentication notification to the app to approve the login.

I believe that’s what happened here. I don’t think they have my password.

What are the odds of enabling a memory hard function like argon2 (ahem) as PBKDF2 has shown how much weaker it is.

I have a question about this. Clearly, the icons make things easier. But, is that just as bad as LastPass not encrypting the URI? If there is a Chase icon that is not encrypted, can a hacker easily know that it is a bank login and focus their “attack” on that single login?

I have seen this addressed in the help file. I think it does leak some information but not from an encrypted vault so nothing as bad as LP who don’t even encrypt the website URL.
Also icons can be disabled.

I left LastPass after the Dec 2022 breach revelation. I chose Bitwarden over 1Password. Bitwarden open source code gives me more confidence they’re actually doing what they’re selling. Nothing against 1Password but whenever there’s proprietary code its too easy for developers to hide screwups when they happen.

LastPass needs to be shut down. Losing all their customers vaults is bad. But not encrypting all the vault data is outrageous malfeasance. I have no doubt this was intentional for monetizing their users. I trust my LP vaults will not be easily hacked but revealing my email and websites sends shivers down my spine. Can’t wait for the phishing emails to start pouring in my inbox.

1 Like

I’ve definitely noticed an uptick on those in the past week.

Side channel attack risk with Argon?

underdog99 Welcome to the community forums.

Interesting. Aren’t most side channel attack vectors shared environments? Would the browser be a shared environment in this case, allowing for eavesdropping by malicious javascript?

So Argon2i or Argon2id would appear to be resistant to the side channel attack vectors mentioned. The follow from LP continues and we keep learning new things about the weaknesses of PBKDF2. Seems like a great opportunity to shake things up, and BW appears to be responding to all of it, which is something that LP isn’t doing.

Isn’t it best to encrypt all field (for eg. “revisionDate”) and field contents. Also if a custom field name is created it will also be visible in json file. For more details refer here.

@giantboxer Of course, more encryption may marginally improve privacy or security. But can you propose a plausible attack scenario in which a conscientious user (i.e., one who uses only unique, randomly generated, strong passwords for the logins stored in their vault, and for their Master Password) would be exposed to risk based on the clear-text storage of revision/creation dates in their vault?

This is not accurate (assuming that you are referring to the data.json file that holds the cached vault contents).

1 Like