[Cryptography] Lastpass hacked.

Tom Mitchell mitch at niftyegg.com
Mon Jun 15 21:34:18 EDT 2015


Apparently LastPass was hacked. What else should a password service
do day in and day out?  What should a customer do beyond adding something
not on line?

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

"We want to notify our community that on Friday, our team discovered and
blocked suspicious activity on our network. In our investigation, we have
found no evidence that encrypted user vault data was taken, nor that
LastPass user accounts were accessed. The investigation has shown, however,
that LastPass account email addresses, password reminders, server per user
salts, and authentication hashes were compromised.

"We are confident that our encryption measures are sufficient to protect
the vast majority of users. LastPass strengthens the authentication hash
with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in
addition to the rounds performed client-side. This additional strengthening
makes it difficult to attack the stolen hashes with any significant speed."


-- 
  T o m    M i t c h e l l
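
The two-stage hashing described in the quoted notice, as an added sketch that is not part of the original post and is not LastPass's code. Only PBKDF2-SHA256, the random per-user salt and the 100,000 server-side rounds come from the notice; the client round count, the use of the username as client-side salt, the 16-byte salt length and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000  # figure quoted in the notice
CLIENT_ROUNDS = 5_000    # assumption: the notice gives no client-side count


def client_auth_hash(master_password, username):
    """Client side: stretch the master password before anything is sent.
    Salting with the lower-cased username is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               username.lower().encode(), CLIENT_ROUNDS)


def server_enroll(auth_hash):
    """Server side: strengthen the received hash under a random per-user salt.
    Returns the (salt, stored_hash) record kept in the account database."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)


def server_verify(auth_hash, salt, stored_hash):
    """Recompute the server-side stage and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored_hash)


def seconds_per_guess(username="user@example.com"):
    """Time one full check on this machine. Testing a single candidate
    password against a stored record costs both stages, every time."""
    salt, stored = server_enroll(client_auth_hash("enrolled password", username))
    start = time.perf_counter()
    server_verify(client_auth_hash("candidate password", username), salt, stored)
    return time.perf_counter() - start


if __name__ == "__main__":
    user = "user@example.com"  # constructed sample account
    auth = client_auth_hash("correct horse battery staple", user)
    salt, stored = server_enroll(auth)
    print("login ok:", server_verify(auth, salt, stored))
    # Same password enrolled twice: different salts give unrelated records,
    # so one precomputed table cannot be reused across accounts.
    print("records differ:", server_enroll(auth)[1] != stored)
    print("seconds per guess here: %.3f" % seconds_per_guess())
```

The per-guess cost applies equally to every candidate, so it slows a search over strong passwords far more usefully than it protects a password that is guessable in a handful of tries.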

