Lastpass breach. Code stolen. No user data taken

[britechguy]

40 bit DES, 56 bit DES, 128 bit AES... WEP, WPA, etc. all useless by now. So many memories...

Yep. It's always been a game of cat and mouse/spy vs. spy. And each time something is hopelessly compromised "the next generation" appears. The issue isn't that better methods (and that last, at least for a period of time) don't appear, it's that too many don't adopt them in a timely manner.

@nlinecomputers We were clearly typing at the same time.

 

[GTP]

Interesting thoughts from Steve Gibson on a recent podcast about encryption.
A listener asked the question, "If I encrypt with a 256 bit key, then encrypt again with a 256 bit key, then do it a third time, does it make the encryption stronger?"
The answer was enlightening.
Not sure what episode it was but I'll go back and listen again at some stage.

 

[nlinecomputers]

 

[nlinecomputers]

New breach using info from the previous breach. Customer data accessed but passwords are secure because encryption works.

Security Incident December 2022 Update - LastPass

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

blog.lastpass.com

 

[Rosco]

And my passwords are safe, no matter where they are, because they are stored in an encrypted vault.

Anyone who wants it, I'll be happy to send it to them. Good luck decrypting it!

Love this! Yea, I still love LastPass. They are great to work with. Plus, of course they have breaches. People want passwords.