So then your username and that goes to LastPass to identify you. So it absolutely depends upon both of those pieces of information. That is, the only way to get that is if you take your username and password, hash it, then add the password to that and hash it again.

So this second blob, this second output from the hash, that's your unique ID. So they do another one-way function on your crypto key with your password, which they don't know because they never get it. They take that key, the cryptographic key, and they add your password to it, that is, they concatenate your password to your cryptographic key, and they hash that. So the key used never leaves your system. This is the symmetric key used to encrypt your password database before it is sent to LastPass, and to decrypt the password database when retrieved from the LastPass servers.

When you log in, when you give your system your LastPass username and password, the first thing it does is it runs it through this SHA - it lowercases the email address, removes the whitespace, adds the password, and then it does this hash to it, turning it into a 256-bit blob. Your password is never sent to LastPass themselves.

LastPass will comply with the law, so if a relevant law enforcement agency requests the data with the correct authorisation then LastPass will supply them with the encrypted data. Although if you are using a Yubikey, you can set your local password database to be encrypted with the public identifier too.

Does it give a database to anyone who asks?

Yes, the same decryption key is used for data on the server as local data.

Is the same decryption key used for data on the server as locally with Lastpass?
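The two-step derivation described above, as an added Python sketch that is not LastPass's code: the first hash yields the local 256-bit key, the second yields the ID sent to the server. The byte encoding (UTF-8, hex form of the key before concatenation), the `ToyServer` class and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac


def normalize_username(email: str) -> str:
    # Per the text: lowercase the email address and remove whitespace.
    return "".join(email.split()).lower()


def derive_vault_key(email: str, password: str) -> bytes:
    # First hash: SHA-256(username + password) -> 256-bit symmetric key.
    # This key encrypts/decrypts the vault locally and is never transmitted.
    material = normalize_username(email) + password
    return hashlib.sha256(material.encode("utf-8")).digest()


def derive_login_id(vault_key: bytes, password: str) -> str:
    # Second hash: concatenate the password to the key and hash again.
    # Hex-encoding the key before concatenation is an assumption of this sketch.
    material = vault_key.hex() + password
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class ToyServer:
    """Hypothetical server: holds only login IDs and opaque encrypted blobs."""

    def __init__(self):
        self.accounts = {}

    def register(self, email: str, login_id: str, blob: bytes) -> None:
        self.accounts[normalize_username(email)] = (login_id, blob)

    def fetch_blob(self, email: str, login_id: str):
        stored = self.accounts.get(normalize_username(email))
        # Constant-time comparison of the presented ID against the stored one.
        if stored is None or not hmac.compare_digest(stored[0], login_id):
            return None
        return stored[1]


if __name__ == "__main__":
    # Constructed sample credentials and a placeholder "encrypted" blob.
    email, password = " Alice@Example.com ", "correct horse"
    key = derive_vault_key(email, password)
    server = ToyServer()
    server.register(email, derive_login_id(key, password), b"<ciphertext>")
    print("vault key (stays local):", key.hex())
    print("login ID (sent to server):", derive_login_id(key, password))
    print("fetch with right password:", server.fetch_blob(email, derive_login_id(key, password)))
    wrong = derive_login_id(derive_vault_key(email, "guess"), "guess")
    print("fetch with wrong password:", server.fetch_blob(email, wrong))
```

The server in this sketch can authenticate a client and return the blob, yet it never holds the password or the key needed to decrypt it, which is why data handed over under legal process is still encrypted.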