Examining the LastPass Breach Through our Password Table

Back in November 2022 you may have heard that the password manager company LastPass disclosed a breach in which hackers had stolen password vaults containing data for more than 25 million users. Most people assumed that while not ideal, many of the stolen passwords would never be cracked as they were encrypted with a complex algorithm and a high number of iterations.

But not so fast my friend - it’s more complex than that.  And with the recent string of crypto wallet heists, it appears that some of these passwords may be starting to get cracked. So how is this possible?

One of the frequent comments we see on our famous Password Table is that it uses an older algorithm to calculate the cracking times (side note: cybersecurity researchers are STILL seeing password breaches that use the MD5 algorithm so unfortunately accurate). In this case though, LastPass very publicly notes they use PBKDF2 with SHA-256.  However the number of iterations varies on when and how you used LastPass which can impact the cracking times. That being said, it’s not that far-fetched that passwords are being broken - even randomly generated ones created in LastPass.

“I’m a LastPass user. How could we figure out my risk?”

Well let’s look at some assumptions first:

• Your password was stolen as part of the 2022 LastPass data breach.

• You did not change the default number of local (usually browser extension) iterations, 5,000 (most people didn't and still haven't).

• The attackers were able to brute force your encryption key instead of having to deal with your client-side authentication hash nor the server-side authentication hash. Something discovered by Wladimir Palant who has reported several major vulnerabilities in LastPass over the years.

• The LastPass extension used PBKDF2 with SHA-256, set to use 5,000 as the number of iterations (rounds) to turn your master password into your encryption key.

• Your LastPass master password was randomly generated.

If these are all true, then your personal Password Table would look like this:

“What if I didn’t use a randomly generated password? Just asking for a friend…”

Results vary but you can be certain that the maximum amount of time it would take to crack your non-random password would be what is in the table above, given the cheap hardware. If your password was part of a breach before or follows common human-made password patterns your table looks more like this:

“What if I was super savvy and set the iterations to 600k back before the breach?”

Great cybersecurity awareness! So let’s update the assumptions then and the table

• Your password was stolen as part of the 2022 LastPass data breach.

• You did change the default number of local (usually browser extension) iterations, to 600,000 (most people didn't and still haven't).

• The attackers were able to brute force your encryption_key instead of having to deal with your client-side authentication_hash nor the server-side authentication_hash.

• The LastPass extension used PBKDF2 with SHA-256, set to use 600,000 as the number of iterations (rounds) to turn your master password into your encryption key.

• Your LastPass master password was randomly generated.

If these are all true, then your personal Password Table would look like this:

“Well that’s not great. What should I do now?”

If you are a LastPass customer (either for you/your family, or your organization), LastPass put out some great guidance for consumers and for business administrators that you should follow.

Want to learn more about our methodology for creating these Password Tables, our assumptions, limitations, and references? Then check out our full research piece here. Thank you, again @Chick3nman512 for providing benchmarks and explaining the nuances to us.

In the meantime, stay up to date with all of the latest cybersecurity news by subscribing to our ACT Digest or by subscribing to Hive Live to catch all our latest episodes about the world of cybersecurity.

Follow us - stay ahead.

Read more of the ACT