Pile Of Garbage
May 28, 2007



I've been petitioning HR to change my title to Associate Systems Specialist or rear end.


Proteus Jones
Feb 28, 2013



cheese-cube posted:

I've been petitioning HR to change my title to Associate Systems Specialist or rear end.

I pitched Network Security and Audit, and made it pretty far up the chain until a VP sent me an email that said:

quote:

Nice try, but we're not going to let you call yourselves "NSA"

apseudonym
Feb 25, 2011

My business cards list my job as ¯\_(ツ)_/¯

andrew smash
Jun 26, 2006

smooth soul

flosofl posted:

I pitched Network Security and Audit, and made it pretty far up the chain until a VP sent me an email that said:

Go for communication resources protection office and then you can be creepo

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

apseudonym posted:

My business cards list my job as ¯\_(ツ)_/¯

This is a title I'd prefer.

porktree
Mar 23, 2002

You just fucked with the wrong Mexican.

apseudonym posted:

My business cards list my job as ¯\_(ツ)_/¯

I have mine as "Señor Principal Oracle DBA".

some kinda jackal
Feb 25, 2003

 
 
Oh neat there's an infosec thread.

Currently freaking out about my impending CISSP debacle. Work is paying for it, but finance is v. bad at their jobs and has yet to actually send payment, so while I'm technically registered for, and can attend, the bootcamp on the 25th, I can't get my exam voucher yet, and now it's probably going to be like months between my camp and the exam.

Working on OSCP in Q1 anyway, infinitely more interesting.

Daman
Oct 28, 2011
did you tell them certs are a scam to take advantage of the corporate world and that they should just upgrade your salary instead

vocabulary quizzes and typing exploit into meatsplot isn't worth ur time as a skilled engineer

some kinda jackal
Feb 25, 2003

 
 
Fun excuse to not be at work for a week at a time so I'll take it.

Unless it's this upcoming bootcamp which seems like it will be less fun than average.

Xarn
Jun 26, 2015
All employees at my work are probably going to get Yubikeys. Are they actually good?

B-Nasty
May 25, 2005

Xarn posted:

All employees at my work are probably going to get Yubikeys. Are they actually good?

Which Yubikey model, and what are you using them for? For basic U2F, they're nice little devices, but the Yubikey 4 recently moved most of their advanced crypto features to a closed-source blob (it was previously open source). https://plus.google.com/+KonstantinRyabitsev/posts/4a7RNxtt7vy

Whether or not that matters to you would depend on your uses for the device and your trust of closed source crypto.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

What's the Yubi story for the new Macs? Will they do some pass through thing so you can still charge your laptop? Maybe there's a TouchID U2F thing?

MrMoo
Sep 14, 2000

Excuses, but they at least did prepare a little bit:

https://www.yubico.com/2016/07/yubikey-route-usb-c/

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Here comes the YOSPOS cross-post:

BangersInMyKnickers posted:

OKAY, SCHANNEL GPO UPDATE TIME I FINALLY STOPPED PUTTING IT OFF

Win10/Server 2016

Win10 adds good ciphers using ECDHE (forward secrecy) using AES GCM mode with good signing. Great, thanks Microsoft. I also included DSA support if it supports ECDHE and good signing (SHA256 or better). In general, gently caress DSA and I am only throwing in the best cipher the OS supports for compatibility's sake. There are character limits for the schannel GPO.

code:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

MS wisely split out curve support into its own policy to get around the character limit issues. Look for ECC Curve Order next to your SSL Cipher Suite Order policy. There are a lot more curves that are supported but this seemed like enough.

code:
NistP521
NistP384
NistP256
SecP521r1
SecP384r1
SecP256r1
SecP256k1
Curve25519

Server 2012/2012R2/Win8/Win8.1

Good GCM support is only on the DSA ciphers so it's at the top of the list but nothing will probably use it. ECDHE (forward secrecy) support is a priority so the first RSA ciphers are CBC mode because the RSA/GCM ciphers can't support forward secrecy.

code:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Server 2008R2/Win7

Microsoft claims that GCM support was patched in to 2008R2/Win7. THIS IS A DIRTY loving LIE and if you turn it on it will break negotiation of all AES ciphers and the only thing you will be left with is 3DES.

code:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Server 2008/Vista

These OSes are poo poo but maybe you still have some of them floating around. No SHA256 support so it needs its own policy.

code:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

I've seen enough problems with weak primes on the DHE ciphers (non-EC) that I am disabling them as a matter of best practice. 3DES is the fallback cipher because RC4 is garbage. Controlling TLS versions is in the registry under SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ but there is no GPO for it so you'll need to do it with registry preferences. Make sure SSL2/3 are forced off along with MPUH and PCT (probably not an issue but might as well make sure). TLS 1.0 is looking worse and worse and nobody cares about 1.1, so see if you are in a position to go TLS1.2-only. 2008 only supports 1.0 so you'll need to be on at least 2008R2 to pull it off.

MS has a nice page that tells you all the supported ciphers for each os: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx

And here's the supported curves on Win10 LTSB (probably the same for all the newer builds)

code:
Microsoft SSL Protocol Provider:
--------------------------------
Curve Name          Curve OID                     Public Key Length   CurveType           EccCurveFlags
-----------------------------------------------------------------------------------------------
brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256                 26                  0x3
brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384                 27                  0x3
brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512                 28                  0x3
nistP192            1.2.840.10045.3.1.1           192                 19                  0x3
nistP224            1.3.132.0.33                  224                 21                  0x3
nistP256            1.2.840.10045.3.1.7           256                 23                  0x3
nistP384            1.3.132.0.34                  384                 24                  0x3
nistP521            1.3.132.0.35                  521                 25                  0x3
secP160k1           1.3.132.0.9                   160                 15                  0x3
secP160r1           1.3.132.0.8                   160                 16                  0x3
secP160r2           1.3.132.0.30                  160                 17                  0x3
secP192k1           1.3.132.0.31                  192                 18                  0x3
secP192r1           1.2.840.10045.3.1.1           192                 19                  0x3
secP224k1           1.3.132.0.32                  224                 20                  0x3
secP224r1           1.3.132.0.33                  224                 21                  0x3
secP256k1           1.3.132.0.10                  256                 22                  0x3
secP256r1           1.2.840.10045.3.1.7           256                 23                  0x3
secP384r1           1.3.132.0.34                  384                 24                  0x3
secP521r1           1.3.132.0.35                  521                 25                  0x3


CNG Curves:
-----------
Curve Name          Curve OID                     Public Key Length
-------------------------------------------------------------------
brainpoolP160r1     1.3.36.3.3.2.8.1.1.1          160
brainpoolP160t1     1.3.36.3.3.2.8.1.1.2          160
brainpoolP192r1     1.3.36.3.3.2.8.1.1.3          192
brainpoolP192t1     1.3.36.3.3.2.8.1.1.4          192
brainpoolP224r1     1.3.36.3.3.2.8.1.1.5          224
brainpoolP224t1     1.3.36.3.3.2.8.1.1.6          224
brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256
brainpoolP256t1     1.3.36.3.3.2.8.1.1.8          256
brainpoolP320r1     1.3.36.3.3.2.8.1.1.9          320
brainpoolP320t1     1.3.36.3.3.2.8.1.1.10         320
brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384
brainpoolP384t1     1.3.36.3.3.2.8.1.1.12         384
brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512
brainpoolP512t1     1.3.36.3.3.2.8.1.1.14         512
curve25519                                        255
ec192wapi           1.2.156.11235.1.1.2.1         192
nistP192            1.2.840.10045.3.1.1           192
nistP224            1.3.132.0.33                  224
nistP256            1.2.840.10045.3.1.7           256
nistP384            1.3.132.0.34                  384
nistP521            1.3.132.0.35                  521
numsP256t1                                        256
numsP384t1                                        384
numsP512t1                                        512
secP160k1           1.3.132.0.9                   160
secP160r1           1.3.132.0.8                   160
secP160r2           1.3.132.0.30                  160
secP192k1           1.3.132.0.31                  192
secP192r1           1.2.840.10045.3.1.1           192
secP224k1           1.3.132.0.32                  224
secP224r1           1.3.132.0.33                  224
secP256k1           1.3.132.0.10                  256
secP256r1           1.2.840.10045.3.1.7           256
secP384r1           1.3.132.0.34                  384
secP521r1           1.3.132.0.35                  521
wtls7               1.3.132.0.30                  160
wtls9               2.23.43.1.4.9                 160
wtls12              1.3.132.0.33                  224
x962P192v1          1.2.840.10045.3.1.1           192
x962P192v2          1.2.840.10045.3.1.2           192
x962P192v3          1.2.840.10045.3.1.3           192
x962P239v1          1.2.840.10045.3.1.4           239
x962P239v2          1.2.840.10045.3.1.5           239
x962P239v3          1.2.840.10045.3.1.6           239
x962P256v1          1.2.840.10045.3.1.7           256

You'll probably want to create some WMI filters to target specific OS versions. This is a good place to start:

http://www.nogeekleftbehind.com/2013/09/10/updated-list-of-os-version-queries-for-wmi-filters/
http://www.grouppolicy.biz/2015/05/how-to-apply-wmi-filter-to-windows-10-or-windows-server-2016/
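As an added example (my own code, not the poster's): a small Python check for a cipher suite list before it goes into the SSL Cipher Suite Order policy. It encodes the constraints the post describes: the policy value is one comma-separated string (Microsoft's documented format) capped at the 1023 characters the post mentions, finite-field DHE and RC4 suites stay out, ECDHE suites sit ahead of plain RSA key exchange, and 3DES is only the last-resort fallback. The first list is the Win10/Server 2016 list from the post; the second is constructed to trip every check. The finding codes are names I made up for this example.

```python
"""Lint a Schannel 'SSL Cipher Suite Order' list before it goes into a GPO.

Added example, not the post author's code. The checks model the constraints
described in the post: one comma-separated string of at most 1023 characters,
no finite-field DHE or RC4 suites, forward-secrecy (ECDHE) suites ahead of plain
RSA key exchange, and 3DES only as the final fallback.
"""
from typing import List, Tuple

MAX_POLICY_CHARS = 1023          # limit named in the post
Finding = Tuple[str, str]        # (code, detail); codes are this example's own names

# Win10 / Server 2016 list from the post, used here as sample input.
WIN10_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Constructed list that violates every rule, for demonstration only.
BAD_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # forward-secrecy suite behind a non-FS one
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",        # finite-field DHE (weak-prime problems)
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",           # 3DES not in the last slot
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",                # duplicate entry
]


def policy_value(suites: List[str]) -> str:
    """The GPO stores the order as a single comma-separated string."""
    return ",".join(suites)


def key_exchange(suite: str) -> str:
    """'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' -> 'ECDHE_RSA'."""
    head = suite.split("_WITH_", 1)[0]
    return head[4:] if head.startswith("TLS_") else head


def lint_cipher_order(suites: List[str]) -> List[Finding]:
    """Return a list of (code, detail) findings; an empty list means the order passes."""
    findings: List[Finding] = []
    value = policy_value(suites)
    if len(value) > MAX_POLICY_CHARS:
        findings.append(("too_long", f"{len(value)} chars > {MAX_POLICY_CHARS}"))

    seen = set()
    for suite in suites:
        if suite in seen:
            findings.append(("duplicate", suite))
        seen.add(suite)
        if key_exchange(suite).startswith("DHE_"):      # non-EC DHE
            findings.append(("non_ec_dhe", suite))
        if "_RC4_" in suite:
            findings.append(("rc4", suite))

    # Every ECDHE suite should precede the first suite without forward secrecy.
    first_non_fs = next(
        (i for i, s in enumerate(suites) if not key_exchange(s).startswith("ECDHE_")), None
    )
    if first_non_fs is not None:
        for suite in suites[first_non_fs + 1:]:
            if key_exchange(suite).startswith("ECDHE_"):
                findings.append(("fs_after_non_fs", suite))

    # 3DES is tolerated only as the final fallback entry.
    for i, suite in enumerate(suites):
        if "_3DES_" in suite and i != len(suites) - 1:
            findings.append(("3des_not_last", suite))
    return findings


if __name__ == "__main__":
    for name, suites in (("win10", WIN10_SUITES), ("bad", BAD_SUITES)):
        print(f"{name}: {len(policy_value(suites))} chars, findings={lint_cipher_order(suites)}")
```

Run it against the other per-OS lists in the post before pasting them in; the 2012R2 list, with a curve suffix on every EC suite, is where the 1023-character ceiling starts to matter.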

EssOEss
Oct 23, 2006
128-bit approved
LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

Thanks Ants
May 21, 2004

#essereFerrari


"Hi please check over these pentest results for your customer"

*100 page PDF of port scans including public IP addresses that are nothing to do with this company, just happen to be on the same ISP. No executive summary, no conclusions drawn.*

ming-the-mazdaless
Nov 30, 2005

Whore funded horsepower

Thanks Ants posted:

"Hi please check over these pentest results for your customer"

*100 page PDF of port scans including public IP addresses that are nothing to do with this company, just happen to be on the same ISP. No executive summary, no conclusions drawn.*

Job's a good one!

B-Nasty
May 25, 2005

EssOEss posted:

LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

Another worthless hash-based p/w generator that forces you to remember hundreds of site-specific p/w rules and other configuration options to "save" you the effort of syncing a database file.

Proteus Jones
Feb 28, 2013



BangersInMyKnickers posted:

Here comes the YOSPOS cross-post:

This was a good post there, and it's a good post here.

Proteus Jones
Feb 28, 2013



EssOEss posted:

LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

What problem is that whole image thing supposed to solve?

Why are people still using this piece of poo poo. Move to Keepass or 1Password, even.

Su-Su-Sudoko
Oct 25, 2007

what stands in the way becomes the way

flosofl posted:

What problem is that whole image thing supposed to solve?

Why are people still using this piece of poo poo. Move to Keepass or 1Password, even.

but then I have to waste time syncing files!!

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


flosofl posted:

What problem is that whole image thing supposed to solve?

Why are people still using this piece of poo poo. Move to Keepass or 1Password, even.

My only problem with 1Password is that its browser extension doesn't work with Iridium, at least with 1Password 6.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

EssOEss posted:

LessPass is reinventing password managers! Leaking the password via displaying magic images is a cool innovation.

I'd love to see what the LastPass apologists have to say about this.

E: oi vey this is not what I thought I was reading

Lain Iwakura fucked around with this message at 17:36 on Nov 8, 2016

CLAM DOWN
Feb 13, 2007




BangersInMyKnickers posted:

There are character limits for the schannel GPO.

I honestly don't think I knew this. What the poo poo, MS

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib

OSI bean dip posted:

I'd love to see what the LastPass apologists have to say about this.

what

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

OSI bean dip posted:

I'd love to see what the LastPass apologists have to say about this.

It's nothing to do with them I don't think

Proteus Jones
Feb 28, 2013



Rufus Ping posted:

It's nothing to do with them I don't think

E: Oh for fuck's sake. I can't read.

Proteus Jones fucked around with this message at 17:40 on Nov 8, 2016

Forgall
Oct 16, 2012

by Azathoth
I'm also confused about the purpose of those glyphs, but also about calling lastpass "hash-based password generator".

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

CLAM DOWN posted:

I honestly don't think I knew this. What the poo poo, MS

So long as you don't go crazy on the DSA and DHE ciphers you won't run into it. But yeah, 1023 characters and you're done. Win10 really helps keep it down by splitting curve preference into its own GPO instead of needing to declare every single curve you want to use with each EC cipher. I'm sure they made the limit before EC was on the radar and 1023 characters is enough for anyone.

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

flosofl posted:

Nothing to do with the apologists or nothing to do with Lastpass? Because it has everything to do with Lastpass. It's Lastpass that's generating those glyphs, and it's Lastpass that's being shown in the screenshot on that site.

So what are you saying?

Infosec Thread: DON'T ROLL YOUR OWN STRCMP()

NFX
Jun 2, 2008

Fun Shoe
Are LessPass and LastPass the same thing?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Rufus Ping posted:

It's nothing to do with them I don't think

It doesn't. I am just being dumb here reading stuff before I am even awake.

Forgall
Oct 16, 2012

by Azathoth

NFX posted:

Are LessPass and LastPass the same thing?

gently caress

Proteus Jones
Feb 28, 2013



NFX posted:

Are LessPass and LastPass the same thing?

Oh for fuck's sake. I can't read.

I got gotten.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.
This is why I only use AssPass, the only service where you snapchat a picture of your rear end to a professional who will then look up your password in a pile of post-it notes.

doctorfrog
Mar 14, 2007

Great.

Forgall posted:

I'm also confused about purpose of those glyphs, but also about calling lastpass "hash-based password generator".

"Most of our clientele are compulsive gamblers, and it looks like a cool slot machine. Really communicates that Web 2.0 feel to have our web app respond dynamically to user input! Way to grow the brand!"

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

NFX posted:

Are LessPass and LastPass the same thing?

No, they're completely different.

LastPass is a conventional password manager which lets you define passwords and encrypts them behind a master key. It's had some serious problems in its implementation, but there's nothing special about its theory of operation.

LessPass is basically hash(domain + username + masterPassword). People come up with this idea every once in a while because it "solves" a lot of known problems with traditional password managers, and they're not experienced or careful enough to see the new, bigger problems it introduces.

The weird glyphs are a mnemonic device to validate your password. LessPass doesn't ever give you a "your password was wrong" prompt - a different master password is just a different input to the hash function and gives you a different output. So, they give you a different hash function with a limited output set and map it to some icons, and you remember that your password confirmation is "blue building orange heart black car" or whatever. If you don't see those icons then you know your password is wrong.

Of course, that's an information leak. Especially when you provide confirmation for each character as it's entered, which makes it trivial to break by hand. But what else would you expect from a password manager which doesn't ever let you change your password?

Wiggly Wayne DDS
Sep 11, 2010



Wiggly Wayne DDS posted:

If your password manager, by default, has an unencrypted key stored (dOTP) that can be used to authenticate, obtain the encrypted vault key, decrypt the vault key, bypass IP restrictions, bypass 2FA and relies on local storage being impenetrable then you've got a bit of a design flaw. We've seen the damage in the past when Lastpass had an XSS problem that let an attacker grab any plaintext passwords from a vault silently. You're not storing your vault on a single system by virtue of using Lastpass so that is not the only possible angle of attack, and based on prior issues I can't comfortably advise people to use it for secure password storage. Especially given their response to the issues presented.

NFX posted:

Are LessPass and LastPass the same thing?

more or less

andrew smash
Jun 26, 2006

smooth soul

Space Gopher posted:

No, they're completely different.

LastPass is a conventional password manager which lets you define passwords and encrypts them behind a master key. It's had some serious problems in its implementation, but there's nothing special about its theory of operation.

LessPass is basically hash(domain + username + masterPassword). People come up with this idea every once in a while because it "solves" a lot of known problems with traditional password managers, and they're not experienced or careful enough to see the new, bigger problems it introduces.

The weird glyphs are a mnemonic device to validate your password. LessPass doesn't ever give you a "your password was wrong" prompt - a different master password is just a different input to the hash function and gives you a different output. So, they give you a different hash function with a limited output set and map it to some icons, and you remember that your password confirmation is "blue building orange heart black car" or whatever. If you don't see those icons then you know your password is wrong.

Of course, that's an information leak. Especially when you provide confirmation for each character as it's entered, which makes it trivial to break by hand. But what else would you expect from a password manager which doesn't ever let you change your password?

How does the by-hand attack work when the glyphs update for every entered character? I'm not questioning that it works; I would just like to understand it as a means of further insight into the problem.


Jabor
Jul 16, 2010

#1 Loser at SpaceChem

andrew smash posted:

How does the by-hand attack work when the glyphs update for every entered character? I'm not questioning that it works I would just like to understand it as a means of further insight into the problem.

You look at the glyphs for the first character, and you try all the possible letters, numbers, etc. until you get the same set of glyphs.

Now that you know the first character, you look at the second set of glyphs, and you try all the possible letters, numbers, etc. until you get the same set of glyphs.

Now that you know the first two characters, you look at the third set of glyphs...
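To make Space Gopher's description of the scheme and Jabor's walk-through concrete, here is an added Python model (my own code, not LessPass's and not the posters'). It derives a site password as hash(domain + username + masterPassword), maps a second hash of the master password onto a small icon set as the confirmation glyphs, and then shows why refreshing those glyphs after every keystroke turns a 62^n search into a 62×n one. SHA-256 stands in for whatever derivation the real tool uses, the 16-icon vocabulary and the master password are constructed, and all of it runs against the toy model only.

```python
"""Toy model of a stateless password generator with per-keystroke confirmation glyphs.

Added example, not LessPass's code. SHA-256 and the icon list are stand-ins
(assumptions) for the real tool's derivation and glyph vocabulary.
"""
import hashlib
import string
from typing import List, Tuple

# Constructed icon vocabulary; the real tool's icon/colour set is not modelled.
ICONS = ["anchor", "bell", "car", "dog", "eye", "fish", "gear", "heart",
         "key", "leaf", "moon", "plane", "star", "tree", "umbrella", "wave"]
FINGERPRINT_LEN = 4                                   # 16**4 possible glyph sequences
ALPHABET = string.ascii_letters + string.digits       # 62 candidates per position

Fingerprint = Tuple[str, ...]


def site_password(domain: str, username: str, master: str, length: int = 16) -> str:
    """Stateless derivation in the spirit of hash(domain + username + masterPassword)."""
    digest = hashlib.sha256(f"{domain}\0{username}\0{master}".encode()).hexdigest()
    return digest[:length]


def fingerprint(master: str) -> Fingerprint:
    """Confirmation glyphs: a hash of the master password folded into a small icon set.
    Because the output set is small, it is a mnemonic for the user, but it is also a
    deterministic function of the secret that anyone watching the screen can read."""
    digest = hashlib.sha256(b"fingerprint:" + master.encode()).digest()
    return tuple(ICONS[b % len(ICONS)] for b in digest[:FINGERPRINT_LEN])


def keystroke_fingerprints(master: str) -> List[Fingerprint]:
    """What an observer sees when the glyphs refresh after every typed character:
    one fingerprint per prefix of the master password."""
    return [fingerprint(master[:i]) for i in range(1, len(master) + 1)]


def recover_from_keystrokes(observed: List[Fingerprint]) -> Tuple[List[str], int]:
    """Jabor's by-hand procedure over the toy model: extend each surviving prefix by
    one character and keep the extensions whose glyphs match that position's
    observation. Returns (surviving candidates, number of fingerprint evaluations).
    Matching happens position by position, so the cost grows linearly with length."""
    candidates = [""]
    evaluations = 0
    for target in observed:
        survivors = []
        for prefix in candidates:
            for ch in ALPHABET:
                evaluations += 1
                if fingerprint(prefix + ch) == target:
                    survivors.append(prefix + ch)
        candidates = survivors
    return candidates, evaluations


def guesses_needed(length: int, per_keystroke: bool) -> int:
    """Worst-case guesses: 62*n with per-keystroke glyphs, 62**n with a single
    whole-password confirmation (the glyphs then only confirm complete guesses)."""
    n = len(ALPHABET)
    return n * length if per_keystroke else n ** length


if __name__ == "__main__":
    master = "Tr0ub4dor"                               # constructed sample secret
    print("site password:", site_password("example.com", "alice", master))
    print("glyphs:", " ".join(fingerprint(master)))
    found, cost = recover_from_keystrokes(keystroke_fingerprints(master))
    print(f"recovered {found} after {cost} evaluations; "
          f"whole-password confirmation would need up to {guesses_needed(len(master), False)}")
```

The defender's reading of the numbers: the glyphs themselves are a modest leak (a few bits that let someone verify a complete guess offline), but computing them for every prefix is what collapses the search, so a confirmation hint must only ever be derived from the complete password, and preferably through a deliberately slow derivation.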
