After a bit of searching, I wasn't able to find any PHP forum software that LastPass lets you log in to. I could only find one official-seeming forum, and it uses a different login. So, I think this is FUD... I don't use LastPass, but accusing them of something like this (and using the phrase "or whatever") is pretty serious without proof.
They appear to have sunset their phpBB instance. It was the main hub and support portal on their website with up to thousands of active visitors at any given time. You can see it archived here:
Here's the archived phpBB login page. It asks for your LastPass login and password (not your forum account, your actual LastPass login and actual LastPass master password):
Here's a past HN discussion from the time with some guesses at how such a phpBB login using the master password could, theoretically, be implemented without knowledge of the password. Note that this doesn't imply it's possible to implement it in a way that would be resistant to their web server (running phpBB!!!!) being compromised: https://news.ycombinator.com/item?id=16016171
Unless I’m misremembering, the login to their general system was done by never sending the password over the wire. Instead they used js to do some sort of hashing type system locally.
But during the Heartbleed attack when their systems were shown to be vulnerable, that was one of their arguments as to why it wasn’t so bad.
They pretty heavily fumbled exactly this Heartbleed response too. They claimed they "weren't vulnerable" because of this setup but they clearly were. If you exfiltrated an SSL key, which Heartbleed allowed, you can serve whatever JS (including JS that just explicitly exfiltrated your passphrase) you wanted to end users.
LastPass is full of clowns. There are already two examples of their cavalier approach to what should be simple security in this thread and I'm pretty sure there are more.
> Instead they used js to do some sort of hashing type system locally.
Just the other day a co-worker brought up this idea as an offhand remark. After bouncing it off those present, it took him all of twenty seconds to see why it might do harm and will do little good.
You'd think a password manager would employ some security-minded people who could shoot down ideas that bad immediately.
A weakness in your client-side hashing will make your site weaker to brute-force attacks, since it will reduce the number of hashes (or passwords) an attacker has to try (collisions in client-side hashes will too, but very negligibly for a good hash function). It's also impossible to recover from without relying on another form of authentication to re-establish trust. For many sites this means downgrading to single-factor.
Any hash upgrade mechanism can be abused by a (possibly MITM) attacker to change a user's password while leaving you and the user none the wiser that specifically this occurred. If you need to lock someone out while their phone is beeping at them over their bank account being emptied, while not even making it look like their password was changed, that sounds like a fun way.
Lastly it's virtually the same as plaintext, since any salt will be known by even just a passive attacker. A true MITM won't even have to brute-force the hash.
I don't think this is accurate. It appears that the phpBB instance performs a redirect to a SAML login, meaning the login page where you're being asked for your master password is the regular login page.
Now, the fact that they have a web-based vault access requiring entry of your master password? Pretty bad, considering you can't disable it, and it's automatically activated even when just using the browser extension (at least as of a few years back, when I asked them to fix that.)
I don’t use LastPass, but if what you are saying is correct, they could not have sent the OP an e-mail (assuming it’s legit) informing them of the attempt to sign in using the master pass from Brazil, right?
If you have the hash and algorithm used to generate it of a human generated password you can in the vast majority of cases get the password.
It’s a combination of people being very bad at generating, remembering, and entering passwords plus generally being unwilling to wait minutes or even seconds to generate the hash on their local computer.
> If you have the hash and algorithm used to generate it of a human generated password you can in the vast majority of cases get the password.
I mean, technically this is true, but it's also true if you have the ciphertext of the stored-password database, which is sort of LastPass's entire job. ;)
The only thing that might make it harder to brute force the master password with the latter than with a hashed password database is if the key derivation algorithm differs.
But I think your blanket statement is sort of misleading. In principle, if you trust someone with your encrypted password storage database, you should trust them with a hash of your master password; both serve as brute forcing oracles.
56 billion MD5 hashes per second for $1.80 per hour at OVH. (single Nvidia Tesla V100 GPU)
Still a no-go for plain old brute forcing all a-z combinations. But, if your password is some combination of actual words, common keyboard sequences, or anything else in a password dictionary, it's cracked pretty quick/cheap.
You don't need access to a password to check it, just the hash (then they hash what you enter and compare the hash to the one they have). So both "They use it to log in to their whatever" and "They don't have access to it" can be correct.
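An added sketch, not written by any commenter and not LastPass's actual implementation, of the pattern debated in this thread: the client hashes the master password locally and the server verifies a hash without ever seeing the password. The iteration count, the use of the email address as the client-side salt, and every name below are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Client side: slow KDF over the master password. This key never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), ITERATIONS)


def derive_login_token(master_password: str, email: str) -> bytes:
    """Client side: one extra PBKDF2 round over the vault key yields the value sent on login."""
    key = derive_vault_key(master_password, email)
    return hashlib.pbkdf2_hmac("sha256", key, master_password.encode(), 1)


class Server:
    """Stores only a salted, stretched hash of the login token."""

    def __init__(self):
        self.accounts = {}

    def register(self, email: str, login_token: bytes) -> None:
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_token, salt, ITERATIONS)
        self.accounts[email] = (salt, stored)

    def verify(self, email: str, login_token: bytes) -> bool:
        if email not in self.accounts:
            return False
        salt, stored = self.accounts[email]
        candidate = hashlib.pbkdf2_hmac("sha256", login_token, salt, ITERATIONS)
        return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    # Constructed sample credentials, for illustration only.
    email, password = "alice@example.com", "correct horse battery staple"
    server = Server()
    server.register(email, derive_login_token(password, email))
    token_on_wire = derive_login_token(password, email)  # what a login request carries
    return {
        "correct_password_accepted": server.verify(email, token_on_wire),
        "wrong_password_rejected": not server.verify(email, derive_login_token("guess", email)),
        # The token alone authenticates: a captured copy logs in without the password.
        "captured_token_replays": server.verify(email, bytes(token_on_wire)),
        # The token is not the vault key, so by itself it does not decrypt the vault.
        "token_differs_from_vault_key": token_on_wire != derive_vault_key(password, email),
    }
```

The `captured_token_replays` result is the practical limit of client-side hashing: the derived token is password-equivalent for login, so the scheme still depends on the transport and on the integrity of the code that computes it.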
According to LastPass, they don't have access to the master password // presumably it's not stored on their side. Is that accurate..?
Thanks