Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!: Because there was a breach in LastPass servers back in June, and also because LastPass claims that they have no access to your data, we wanted to investigate what could be done if we have the same data as LastPass. Specifically, we wanted to know if it is possible to decrypt vaults if you are LastPass, anyone with access to their servers, or the NSA pushing LastPass to allow access to their DBs. LastPass claims that they have no way to decrypt your data, the hackers that breached into their servers just dumped their data to perform difficult-to-succeed offline attacks and NSA should not be able to do anything either against 100k rounds of PBKDF2. Before we continue let me be clear, I am not saying, implying or suggesting that LastPass performs any of the attacks explained below. They do not, and when I put LastPass as the attacker is only for readability purposes. What I mean is a possible delinquent LastPass employee, a hacker compromising their servers, or a government putting pressure on them.