> At Bitwarden we take this trusted relationship with our users seriously. We also built our solution to be safe and secure with end-to-end encryption for all Vault data, including website URLs, so that your sensitive data is “zero trust” secure [1]
I haven't used LastPass in years, but the recent news made me wonder how Bitwarden was handling URLs.
[1] https://bitwarden.com/resources/zero-knowledge-encryption-wh...
It’s fine to store your passwords online for convenience, but as a user, it’s important to accept that it’s no longer your private password and will, at some point, leak.
ehh. I store my passwords online but its on a file I encrypted offline with strong password (over 20+ characters) and key. I use keepass which is a locally encrypted and stored password manger, and I store the DB on Dropbox and download it to any of my computers/devices were it is decrypted locally when needed. I don't trust password wallet services ass they all seem to want to do the enryption server side with a reset-able password which really means they have the master password not you, but my set up seems secure enough to me.
That's a consequence of the Murphy's law [1].
Very well written. You phrased it perfectly for it to have its place at [2] which is full of this kind of stuff. It's almost like this sentence claims itself the right to appear there. If you read French you might enjoy this website. If not, you might still enjoy the different phrasings of Murphy's law in different languages here [3].
[1] https://en.wikipedia.org/wiki/Murphy's_law
Security is the area where fast and fuzzy heuristics get you into problems.
Examine each option critically and reach independent conclusions.
I run BW with Yubikey 2FA and a local hosted sync server.
KeePassX/C perhaps. Vault for secrets management.
Never touched LastPass, 1Password or any of these other mickey-mouse commercial apps that invariably claim "military-grade encryption" or "unhackable" when their fundamental constructions are crap.
There’s very little room for failure and learning in the online password safe field, so I generally assume these companies are in one of two states:
* has unknown bugs waiting to be revealed
* out of business
https://1passwordstatic.com/files/security/1password-white-p...
It’s quite good.
end-to-end encryption means something like https, it's a communication quality between trusted parties
> Password managers [...] In this case, however, the user is on both endpoints and is the only person with a key.
Without context, I just don't understand why this anecdotal thread should be considered credible.
Disclaimer: I use FOSS password managers for everything possible but have to use LastPass for some non-personal stuff and I very much dislike it
Not everything posted on HN has to be verified true. The decision calculus here seems strongly in favor of signal boosting it, so that people who need to can take defensive action, even if it turns out to be wrong.
That's subjective and has no value in determining whether the post is true.
"Not everything posted on HN has to be verified true. The decision calculus here seems strongly in favor of signal boosting it, so that people who need to can take defensive action, even if it turns out to be wrong."
What? Proven true, no, any sort of evidence, yes. As for taking actions, there's a cost.
"I suspected someone used a 0day on me" is not exactly inspiring confidence
From one of the tweets:
> I did not download anything. My machines are clean, and I have physical 2fa on everything. None of the links or contracts I interacted with were malicious. Nobody else had physical access to my PC.
Yeah sure. Sounds like my aunt when she messed up her PC and loudly claims "but I didn't do anything!" Surefire sign that she did. Turns out it's true, every time.
One entity has something to lose, the other doesn't?
So feel free to go ahead and jump to conclusions :)
Is a meme
This is your regular reminder that all crypto is scam , this is a simple mathematical fact.
See what is unencrypted in your LastPass vault - https://news.ycombinator.com/item?id=34105368 - Dec 2022 (9 comments)
LastPass breach is worse than you think because URLs were unencrypted - https://news.ycombinator.com/item?id=34102982 - Dec 2022 (81 comments)
LastPass users: Your info and vault data is now in hackers’ hands - https://news.ycombinator.com/item?id=34100087 - Dec 2022 (19 comments)
LastPass says hackers stole customers' password vaults - https://news.ycombinator.com/item?id=34099647 - Dec 2022 (15 comments)
LastPass user vaults stolen in recent hack - https://news.ycombinator.com/item?id=34097142 - Dec 2022 (276 comments)
Lastpass Security Incident - https://news.ycombinator.com/item?id=33806803 - Nov 2022 (560 comments)
LastPass confirms hackers had access to internal systems for several days - https://news.ycombinator.com/item?id=32912350 - Sept 2022 (21 comments)
LastPass says hackers had internal access for four days - https://news.ycombinator.com/item?id=32871051 - Sept 2022 (7 comments)
Last Pass Hacked - https://news.ycombinator.com/item?id=32612645 - Aug 2022 (35 comments)
LastPass: Notice of Security Incident - https://news.ycombinator.com/item?id=32598587 - Aug 2022 (130 comments)
I absolutely believe it’s possible that LastPass has been compromised more than they’ve let on and I won’t be surprised if we eventually find out vaults are vulnerable, but I don’t believe this is how it would play out.
Sunday the 18th is conveniently around the time of the latest announcement, but not the time of the actual hack. Feels like someone is over fitting.
Maybe a coincidence, but I guess every weird thing that happens is going to raise alarm bells.
I was suspicious of the LastPass concept (storing passwords in a cloud app) when a former employer introduced it some years ago, but they had a strong IT and security culture so I trusted them to make the right choices and adopted it for my personal use.
A few months ago I hsd an issue with my LastPass 2FA device and a policy set by my former employer blocked me from resetting it for my personal account. It was resolved by LastPass, but that was the first strike, and I had spent most of the night extracting my personal account passwords manually from the mobile app, which remained logged in. That was strike 1. This is strike 2.
I am very much of the opinion that if I fuck up my side of 2FA protection, the resources/accounts they’re protecting should be lost forever. (Or at the very least, a co-account holder might be able to reset some things, like my AWS IAM creds or GSuite admin account). If I can ring up and whine at enough support people to get them to hand over my account, so can a sufficiently persistent skilled social engineer…
It was a support request, and IIRC they disabled it remotely.
In my case I was off boarded by an employer, but retained access to it on my mobile device and could read all passwords.
Their initial response was that it was by design, then later tried to pay a bounty I never accepted.
BTW one client of mine runs a heavy security operation and they use KeePass.
Just like they say in crypto "not your keys, not your crypto" - it applies here too. Not your storage, not your passwords.
KeePass on an airgapped box, or an encrypted hardware password manager with no network interfaces is best, though frankly, I'd even be more comfortable writing down passwords on paper (at home) than I would be storing them on someone else's server.
I say all this as a big tech red teamer, or, someone who breaches other people's servers for a living.
100% agreed. Physical access is not something than an attacker, especially one likely to be in an entirely different country or even continent, can easily achieve.
And yes - there is basically no way to actually prove that your passwords on a server aren’t accessible to someone - especially if they can update software.
Sounds inconvenient for password retrieval when not home, how does this work in practice?
How about an airgapped phone with GrapheneOS and Keepass?
I've looked at the white paper https://1passwordstatic.com/files/security/1password-white-p..., I think 1password has a decent security posture for their cloud offering but then there's always the risk of a breach where the attacker controls the site and can intercept your master password through it. Same as what happened with British Airways or Lavabit.
A local vault is better than a cloud vault, but if that local vault software is written by a commercial company there's still that risk.
Depending on your device and platform there's still "that risk" even if its open source. If you're compromised, you're compromised.
My understanding is the app decrypts the vault locally. I guess they could put out a malicious update but then you’d be impacted whether there was a cloud-free option or not.
Additionally exfiltrating the data would be harder for a locally stored vault..
It’s got my (not particularly technical) wife using unique strong passwords for all her online accounts and made family password sharing easy. I think the convenience of the cloud is key to this.
I get that there’s a security risk that 1Password gets compromised and the app is infected with malware or there ends up being a vulnerability on their encryption scheme but it still feels like a net improvement to my overall online security.
Also MFA can help mitigate the risks of the passwords being compromised.
This is what I’m at on it too. Without cloud syncing convenience wins and we end up using simple passwords over and over again.
With cloud syncing I believe we are much more secure than we would otherwise be.
EDIT: Given the replies below, I should be clear that I'm not interested in comparing to LastPass, I'm comparing to Bitwarden. LastPass had an obviously bad security model that failed to encrypt everything, but Bitwarden does not have that flaw.
I looked at using them but ultimately decided against them, a conflict overwriting a password scares me more than even just using chrome sync and calling it a day.
Where I do think it resonates is fundamentally it's just a bad idea to centralize things like this. It may be a necessary to construct a commercial business around this, but centralising massive amounts of trust across unrelated entities into ANY party is just a fundamental compromise that shouldn't have to be made. We would all be better off with genuine decentralised infrastructure to make all this work.
What does irritate me is that all these companies are full of "zero trust" marketing spiel but their products always actually end up coming back to placing 100% trust in them in the end.
This is reasonably safe, as long as you're careful with your master password, no different form GPG.
I'm not here to argue the merits of encryption. I understand it very well. I'm only considering my own levels of comfort and need to trust a 3rd party as well as pay a recurring fee to store my keys/passwords.
Here's the thing: yes, my tool is probably less secure than a professional tool, by an order of magnitude. But it's also a far less attractive target for hackers. If you spend an hour to crack my tool, you get one guy's data. If you spend 1000 hours to crack LastPass, you get millions of users' data. The cost::payoff ratio for hacking LastPass is far better.
They also say not to roll your own encryption, but if you encrypt your data and then use ssl it does increase security. When there is some bug meaning your ssh key was easily guessable (happened with dsa keys) having that obfuscation will prevent bulk collection from doing things like keyword matching against your data. Doesn't work if everyone does it, but it does work.
Most of the time you gain the most not from state-level impossible to break security, because most of the time you aren't trying to defeat a room full of geniuses all working full time with you as a target.
Remember this?
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.My concern with anyone identifying themselves as being affected by this breach is that a 3rd party would be able to collect a lot of information about the user for a very targeted social engineering attack. Conversations here often disclose personal information such as approximate age, location, past experiences, hobbies, etc. It's a gold mine for social engineering.
With keepassxc, 1password, or even chrome's password manager, if a phisher links you to "gmail.scammersite.info", even if it looks exactly like the real gmail login page, browser-integration will not fill in the password field.
With pass, the default flow is to copy the password to your clipboard, and paste it into the password field manually. That allows the above phishing attack to succeed.
For that reason, I would not rely on password store. If you want to control your own database, use keepassxc, and sync the kdbx file with either git, dropbox, or anything else you like.
I am aware password-store technically has browser extensions, but few people use them in practice, and since password-store doesn't have an idiomatic "URI" field for a password, it doesn't actually auto-fill by default in a way that stops the above attack.
As a bonus reason, password-store also leaks filenames (entry names), while keepassxc and most other options do not leak the entry name.
As another bonus reason, using gpg is a fraught pain in the ass, and it's such a sharp and difficult to use tool that it's actually harder to securely make disaster recovery plans.
Passwords are per file. Grabbing a password by a Yubikey touch doesn’t expose other passwords. Per password sandboxing. With keepass, you open the vault most of the time to expose a less important password, and the entire vault is at risk.
Beyond Pass, you should be careful with the browser extensions (and browser in general ). There are a lot of them, never audited.
In particular, I don't see how 2FA is possible with this, so shoulder surfing is a bigger issue.
I definitely trust Google or BitWarden more than a password I can memorize plus my own constant vigilance.
You can use anything that integrates with GPG ... eg: you can do it with a Yubikey [0]
[0] https://support.yubico.com/hc/en-us/articles/360013790259-Us...
Umm, why not?
First, you can use a different app (like aegis) to generate OTPs.
Second, pass has an extension (https://github.com/tadfisher/pass-otp) that can be used to generate OTPs.
Third, you can use something like oathtool to generate your otp using your totp secret
oathtool -b --totp "your-totp-secret"
https://apps.apple.com/us/app/pass-password-store/id12058205...
https://twitter.com/SwiftOnSecurity/status/16060717986671738...
LastPass has a LOT to answer for.
If you look into what LogMeIn (now renamed to “GoTo”) makes… this doesn’t make me feel good about GoToMeetings, GoToMyPC, or join.me.
I mean, I could maybe update the OS on that machine (not sure--it's over 10 years old) but at that point it was less work and less risk to switch to BitWarden. And the user experience is much better as well.
(Though I suppose changing a bunch of passwords that I had in LastPass is also kind of a pain.)
For many years, those of us in the cryptocurrency fields have said never enter your keys on a computer. Generate them offline on a hardware device and let that be it. The person making this claim clearly had to enter unencrypted keys into a computer to put them into his laspass vault. There are a number of malware variants that specifically target keys and search things like input fields in web forms and clipboards for those keys.
And if that were the case then this is really getting into criminal negligence territory (especially the way they've been disclosing it).
I had made a mental note some months back when this first happened I should really go through everything important in my vault and update all passwords to sleep more peacefully at night. I had also made a mental note at the time that if this situation were going erupt into something much worse, it would almost certainly be over the Christmas period when many people are not at work or their computers and it would be the perfect moment for causing maximum chaos and destruction. Looks like I now really need to prioritise that tomorrow. Really not what I wanted to be doing on Christmas Eve...
At this point I just don't want my data in the big, juicy hacking target.
> I think the situation at @LastPass may be better than they are letting on. > > On Sunday the 18th, four of my wallets were completely safe. There were no losses. > > Their seeds were kept, encrypted, in my lastpass vault, behind a 16 character password using all character types.
IOW, the honesty and integrity of the user does not matter. What matters is some form of verification of the cause of a breach, because this single post presents no useful evidence for determining the cause of the breach, most especially ruling out over-the-shoulder attacks.
What has confounded me for a long time is this question: are there no breaches of security cameras? I can spend time in a Starbucks and always see someone enter a password into some device, I do not recall reading that a security camera system has been hacked, yet I would assign an incredibly high value to security cameras in places like coffee shops, airports, hotel lobbies, etc.
There are fewer ways to get the data than reasons why the data has not (yet) been used.
You can't prove there was no breach.
As I demonstrated in what might be called talking past the sale, there are other attacks that have nothing to do with the security of the technologies used.
I don't know the person who originally stated this, but as the popular refrain goes: "security is a process, not a technology."
I find that Bitwarden's UI is much less quirky, for lack of a better term. LastPass finds ways to consistently annoy me.
The commonly clicked secrets move to the top, I can see more than two items in the list, it doesn't forget me periodically, and when prompted for credentials I can't cancel it and get in anyway.
You can add multiple sites to the secret, not in some hidden menu in Bitwarden. That's handy for things like AD/LDAP credentials.
In general, one should avoid exporting/importing credentials. Instead reset them and save the new creds into the new place.
As for Bitwarden, I like the UI (iPad, Mac, iPhone) but routinely forget how to generate a new password - the function is buried inside one of the menu options. Other than that, I really like it. And, there is option to host your own vault.
I eventually decided that the UI was too clunky to move my whole family onto and opted for 1password. Very happy with that choice.
UI\UX is bad. I tried switching to it from 1P, but went back after four months because I'd rather pay more than suffer daily.
The more numerous the places where we can abandon passwords, the fewer the secrets that we need to keep.
I just set up a whole backup solution for my many self hosted applications, all encrypted with the keys safely in my password manager. Even uploaded to S3, because I figured if I'm paying for it, I could ID-and-support ticket my way to my data even if I lost my AWS credentials.
I don't know how to integrate a security key into this scheme. What to do if it actually gets lost ?
Will I have to use emergency codes for all the accounts ?
Can I make a backup of it somewhere ?
Would that defeat the purpose ?
I'll buy one someday, when I'll have all this figured out.
Ultimately, I expect the biggest barrier to be mental. People have had mantra about passwords banged into their heads for decades that they have become synonymous with a secure system and people are suspicious when their device just lets them in with little to no friction.
The database is kept in sync with either Dropbox or iCloud.
As far as I can tell BitWarden and Google are the two good ones. I use BitWarden.
My reasoning is anything new and experimental is scary, I want something with tons of users that's well established. If the community isn't all over it, it's probably not reviewed enough.
Open source makes stuff a little more trustworthy, but by itself isn't enough.
I also don't want to pay a lot for it, and many are paid.
The two big FOSS ones everyone knows are KeePass and BitWarden.
Keepass uses some single file database last I checked. Terrible for sync as the sync engine won't be able to automatically merge conflicts and you might get hassles.
That just leaves BitWarden, or just using Chrome because it's there, it's easy, and Google seems to be good at protecting you from everyone but them.
A 16 characters password from all character types can’t be broken.
How could hackers break the vault, with end to end encryption and such password?
In my experience "I didn't click on any suspicious link" and similar user denials are exactly why you don't ask them that during incident response, instead you get them to give you all their browsing/download history/content so you can verify that.
It could be cookie theft (physical 2fa can't stop that) or consent phishing if they use oauth for their main lastpass login. As soon as this was noticed, disk/memory images should be taken of all devices with lastpass ideally so they can be investigated. I don't know if the victim here uses laspass on their phone for example or by new apps they include new browser extensions or updates to existing apps (supply chain compromise).
Many users don't use "good" passwords, so you use a high number of iterations on the KDF, to make it harder to brute-force an account's password.
Lastpass initially used 5000 rounds of KDF for old accounts. That's not a lot, especially today. They increased it over time to 100,100 iterations (which is better).
The data stored in a password vault is encrypted by a per-entry key, derived from this user password. If a user's password is weak, predictable, re-used, etc, then attackers now have an opportunity to decrypt the contents of their vault. Up until now, attackers generally have been assumed to not have access to user vaults, as that requires authentication (maybe including MFA).
No local software has been compromised, but getting a hold of the server-side backups makes it possible to try to brute force user's passwords in a way that was prevented by server-side rate limiting and MFA.
There is also some side information leakage from the server-side copies of users' vaults, like the URLs of websites in a given vault not being encrypted, and vaults being tied to user identities and contact info.
This tweet thread suggests/implies that at least one user has had a password compromised from information held in an encrypted vault. There's no evidence yet of a compromise of the locally installed software, but it emphasises the importance of changing passwords, moving to new wallets if seeds were exposed to Lastpass etc.
It's not nearly as convenient as LastPass, but likely more secure. It uses TwoFish with a 256 bit key length, which was one of the finalists for the AES standard.
With _random_ passwords which most LastPass users probably generated, the attacker has no way of knowing if a key resulted in a successful decryption unless they login to a particular site.
If the URLs were part of the encrypted payload though, a quick string check for “http” or “www” would tell them if a key was correct or not during their brute-force attempts. Maybe a silver lining?
"The cloud" is just someone else's computer.
Sharing your password with anyone always makes you less secure.
Self hosted, at home, or I don't trust it. It's really that simple.
Please reaffirm my choice to pick you as our company password manager years ago before I research the ambiguity of centralized password management and make my own decision.
Too many people who should know better on this site itself kept recommending things like Lastpass... Incredible.
1. password was somehow left in plain text
2. there was a problem with the encryption implementation by LastPass. likely this is the reason.
this is why you always encrypt crypto stuff with offline computer using well-vetted tools like VeraCrypt or openssl, and not rely on cloud storage encryption. Only you can do your encryption. relying on others doomed to fail eventually.
Press [X] to doubt.