LastPass?


mtRoom

  • Newbie
  • Posts: 1
Re: LastPass?
« Reply #20 on: 4 Jan 2015, 09:21 am »
First, let me apologize for saying in my earlier post that LastPass likely uses asymmetric cryptography.  Thinking about it more carefully, I don't think that's the case.


To clarify an old post, it does use asymmetric encryption.

Quote
LastPass uses public/private key cryptography - specifically RSA from Crypto++ and jsbn - to allow users
to share their accounts with trusted parties, without ever sharing it with LastPass. The distinguishing
technique used in public-key cryptography is the use of asymmetric key algorithms, where the key used
to encrypt a message is not the same as the key used to decrypt it.

Source:
https://enterprise.lastpass.com/wp-content/uploads/LastPass-Security-and-Compliance.pdf


jtwrace

  • Full Member
  • Posts: 11415
  • www.theintellectualpeoplepodcast.com
    • TIPP YouTube Channel
Re: LastPass?
« Reply #21 on: 4 Jan 2015, 02:57 pm »

To clarify an old post, it does use asymmetric encryption.

Source:
https://enterprise.lastpass.com/wp-content/uploads/LastPass-Security-and-Compliance.pdf

Welcome to AC!  That's an odd first post.  :lol:

Doublej

  • Full Member
  • Posts: 2693
Re: LastPass?
« Reply #22 on: 4 Jan 2015, 10:12 pm »
I tell this story a lot:

Years ago, I took over the development of a small web site that had a membership signup. Membership didn't do much other than let users manage their email preferences, choosing from a couple of different newsletters and notifications. The original developer chose to store user passwords in plain, unencrypted text. Many of the email addresses were through Yahoo, Hotmail and similar sites. One day, just for grins, I went to Yahoo and started trying to log in using the passwords. At least 1/3rd of them worked.

So, yes, using the same password at multiple sites can be a very dangerous thing to do.

Did you just admit to a felony act on a public website? :scratch:

Doublej

  • Full Member
  • Posts: 2693
Re: LastPass?
« Reply #23 on: 4 Jan 2015, 10:19 pm »
A key fob changes every 45 seconds or so, so as long as you log out, that account is still secure, unless they crack the key fob. LastPass doesn't even offer that (but has some sort of 2nd form of authentication but appears to be fixed) and it's like having all your eggs in one basket with absolutely no liability protection if it does get stolen.

In 2011 RSA acknowledged a breach on their infrastructure which affected 40 million users. Point being key fobs have been compromised en masse.