Sunday 21 June 2015

LastPass Breach



On June 15th, LastPass issued a security warning regarding suspicious activity on their network [1]. They stated that their vault containing encrypted passwords was not accessed, but believe the following were compromised:
· email addresses
· password reminders
· user salts
· authentication hashes

So what can the hackers do with this stolen information?

Password manager sites will always be a hacker target because of the potential rewards. Hackers now have copies of all hashed master passwords. By themselves the hashes are pretty useless, but should these be cracked, the hackers will be able to access the password vaults. However, cracking these hashes through brute force or rainbow tables is unlikely due to the cryptographic protection methods that LastPass use. Let’s look at these:

 

Authentication Hashes & User Salts

Master passwords are not stored by LastPass. Instead, LastPass store a hash of the master password. When a user logs into LastPass, whatever is typed in as the password is hashed using the same method as the master password and compared against the stored master password hash. If they match, bingo, you are let in.

LastPass recently changed to SHA-256 hashing. If LastPass stored just a SHA-256 hash of the master password, comparing master password hashes with a SHA-256 rainbow table would probably reveal a large percentage of master passwords. To avoid this, LastPass use salting as a method to protect authentication hashes. Salts don't have to be kept secret, as long as they are random and unique to each user. To strengthen the master password hash, the master password is combined with a random salt, which then undergoes 100,000 rounds of PBKDF2-SHA256 hashing (in addition to any rounds performed client-side).

As a SHA-256 hash is a one-way function, the master password cannot be reverse engineered from the hash. To crack the hash with a rainbow table, the hacker would need a rainbow table that has been built with the same salt. With random salts, even if a bunch of users have the same password, the salt will make each hash unique. Provided each salt is random, cracking authentication hashes through rainbow tables is pretty unlikely.

But the hackers also have copies of each user's random salt. To crack the master passwords, the hackers still need to know the algorithm used for combining the master password with the salt. As LastPass code is not open source, this is an unlikely way to crack the hashes. Instead, hackers will need to brute force or socially engineer the password.

Threat: reverse engineering master password hashes. Likelihood: Unlikely
Threat: cracking master password via rainbow tables. Likelihood: Unlikely/Low
Threat: brute forcing the master password. Likelihood: Low (if the password is strong enough)
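
The salted, iterated hashing described in this section, as an added example (not LastPass's code, which is not public). It uses the 100,000 PBKDF2-SHA256 rounds quoted above; the 16-byte salt length, the record layout and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # server-side PBKDF2-SHA256 round count quoted in the post
SALT_LEN = 16     # assumption: the post does not give a salt length


def derive(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """PBKDF2-HMAC-SHA256 over the password with the user's salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def new_record(password: str) -> dict:
    """Create a stored record: a random per-user salt plus the derived hash."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "hash": derive(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive(password, record["salt"]), record["hash"])


def cost_ratio(samples: int = 3) -> float:
    """How much slower one PBKDF2 guess is than one plain SHA-256 guess."""
    pw, salt = b"constructed sample", b"\x00" * SALT_LEN
    t0 = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", pw, salt, ROUNDS)
    slow = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    for _ in range(10_000):
        hashlib.sha256(salt + pw).digest()
    fast = (time.perf_counter() - t0) / 10_000
    return slow / fast


if __name__ == "__main__":
    alice = new_record("correct horse battery staple")  # constructed sample
    bob = new_record("correct horse battery staple")    # same password, new salt
    print("same password, same hash?", alice["hash"] == bob["hash"])
    print("login ok:", verify("correct horse battery staple", alice))
    print("wrong password:", verify("Correct horse battery staple", alice))
    print(f"one PBKDF2 guess costs about {cost_ratio():,.0f}x one SHA-256")
```

Two users with the same password end up with different stored hashes, so a precomputed table is no help, and each guess against a single user's hash costs the full 100,000 rounds.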

Additionally, LastPass employs some other useful features. Probably the most useful feature is 2FA. Even with your master password, a hacker still requires your PIN (which could be intercepted, but is unlikely) to access your vault. Restricted country log-ins and restricted Tor log-ins should increase the difficulty of accessing the vault even with the master password.

So why did the hackers bother to steal this information if they cannot access password vaults without cracking the master password?
  

Email Addresses

LastPass’s choice to go public on this breach was wise, as it should make users wary of any email that appears to originate from LastPass and asks you to click on a link... don’t!

Threat: SPAM and phishing. Threat Level: High (Low, if users are vigilant)

Password Reminders

It is unclear whether the reminder questions were themselves encrypted, but I have not read anything to suggest they were. So any threat depends on the user’s security awareness. The hackers cannot do much with the reminders themselves, as reminders cannot include the actual password. But if the reminder was “My mother’s maiden name”, a little bit of social engineering should easily acquire the master password. Ideally, security-aware users won’t use password reminders at all, choosing to remember the master password in another fashion, such as writing it down and storing it in a safe. The cunning user might leave their reminder as "mother’s maiden name" but have their actual master password totally unrelated.

Threat: Master password information. Threat Level: Medium/High


Of course this hack adds fuel to the argument about storing possibly hundreds of passwords in the cloud. Even with robust protection, such as LastPass, cloud storage is probably unsuitable for storage of really important things. But then, what are the options? Make all your passwords weak so you can remember them? Write them on a Post-It and stick it to your monitor? When looking at any security process we should always come back to “How important is the information we want to protect?” Remember, security will always be a trade-off between security and convenience. Password storage is no different. Passwords stored with a salting algorithm and a strong hashing algorithm such as SHA-256 should be pretty difficult to acquire by rainbow tables.


The main difference between this attack and the 2011 breach [2] is that LastPass notified their user-base so quickly. Most useful to the hackers will be password reminders, then the email addresses. So as long as your reminder does not reveal your password and you stay vigilant about phishing emails, you should be okay. You should enable 2FA if not already enabled. Oh, probably use this as an excuse to change your master password - it won't hurt.



The author of [3] provides a more detailed description of how LastPass hashing and storage works. He is presenting at Shakacon in July [4] on how to attack password vaults.



[1] https://blog.lastpass.com/2015/06/lastpass-security-notice.html/ 
[2] https://blog.lastpass.com/2011/05/lastpass-security-notification.html/ 
[3] http://www.martinvigo.com/about-todays-lastpass-breach/#more-230
[4] http://shakacon.org/
