11 Users Commented In This Post

pavid says:

I love LastPass. It’s so easy to use. Unfortunately, I have encountered a small problem in that I am unable to access my on-line e-mail using the new version of Rogers Yahoo. However, the classic version of Rogers Yahoo works just fine.

MK says:

Just what I am looking for right now. I’ve been using PassPack for a long time, and it works great. However, PassPack is too simple and thus lacks many features, such as a password generator or the ability to choose where you can save the file.

I’ve tried KeePass, nah too complex. Currently using PasswordSafe and it is pretty good.

LastPass sounds promising, especially the integration with the web browser. I hope future builds will include Opera.

David Bradley says:

Theoretically, all password storage systems could be cracked, compromising all your sites. I’d worry about relying on an online system of any sort no matter how clever or otherwise it seems to be. There is no perfect answer; LastPass is just another compromise.

MK says:

@David Bradley: There is no perfect answer to everything. What a password storage system does is simplify the management of your passwords (obviously). It can generate complex passwords, and store them so you don’t have to remember all those tiny caps/big caps/numbers in your head.

Sure, it can eventually be cracked. But I prefer a password storage system to writing it on sticky notes, any day.

I do agree on the compromise of an online system. Though it sounds tempting (you can access your passwords everywhere, don’t even have to bring a pen drive), I would never trust my security on cloud computing.

David Bradley says:

Yes, point taken. It was the cloud security aspect I wouldn’t trust. Moreover, I’d be loath to have all my passwords in one box on my PC too in case it was stolen and cracked open.

Joe Siegrist says:

Why wouldn’t you trust your encrypted data to be stored on a server?

LastPass works by locally encrypting data with 256-bit AES, then storing that for you so you can use it elsewhere. It’s quite safe if you pick a good master password.

If you trust NIST:

Q: What is the chance that someone could use the “DES Cracker”-like hardware to crack an AES key?

A: In the late 1990s, specialized “DES Cracker” machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.

– NIST.gov AES Questions and Answers

LastPass uses a 256-bit AES key, so it would take many times longer than this. The risk of compromise of your locally encrypted data is exceedingly low.

Using LastPass is by far safer than what most people do, which is use a few passwords for every site. Many sites don’t hash passwords and simply store them in plain text, many sites don’t encrypt the channel for sending passwords. These are the practical attacks that hackers can use to compromise you.

Joe Siegrist
LastPass
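
Added example, not part of the comment above and not LastPass code: it reproduces the arithmetic behind the quoted NIST figure and applies the same estimate to the master password, which is what the "good master password" condition turns on. PBKDF2-HMAC-SHA256, the iteration count, the sample passwords, and treating one KDF iteration as costing one key trial are assumptions made for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
NIST_RATE = 2 ** 55  # key trials per second assumed in the NIST answer


def expected_years(bits, trials_per_second=NIST_RATE):
    """Average exhaustive-search time: half of a 2**bits space is tried."""
    return 2 ** (bits - 1) / trials_per_second / SECONDS_PER_YEAR


def password_bits(length, alphabet_size):
    """Entropy of a uniformly random password (human-chosen ones have less)."""
    return length * math.log2(alphabet_size)


def effective_bits(length, alphabet_size, key_bits=256):
    """The search covers whichever space is smaller: passwords or keys."""
    return min(password_bits(length, alphabet_size), key_bits)


def derive_key(master_password, salt, iterations=100_000):
    """Stretch the master password into a 256-bit key (assumed KDF: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def master_password_years(length, alphabet_size, iterations=100_000):
    """Search time when every guess costs `iterations` trials (assumption)."""
    bits = effective_bits(length, alphabet_size)
    return expected_years(bits, NIST_RATE / iterations)


if __name__ == "__main__":
    key = derive_key("constructed sample passphrase", b"constructed-salt")
    print(f"derived key: {len(key) * 8} bits")
    print(f"AES-128 key search: {expected_years(128):.3g} years")
    print(f"AES-256 key search: {expected_years(256):.3g} years")
    # Constructed sample passwords: (length, alphabet size)
    for label, length, alphabet in [("8 lowercase", 8, 26),
                                    ("12 mixed-case+digits", 12, 62),
                                    ("20 printable ASCII", 20, 94)]:
        years = master_password_years(length, alphabet)
        print(f"{label}: {effective_bits(length, alphabet):.0f} bits, "
              f"{years:.3g} years")
```
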

Roman ShaRP says:

Maybe I’ll check it later. Now I’m satisfied with KeePass, and I like that it’s open source.

Christopher Harley says:

Joe Siegrist-

Thanks for the clarification. I’m now more inclined to take a look at your offering.

Guy Soffer says:

Really an amazing product. I use it on a daily basis…

Firefox Mass Password Reset says:

[...] have to remember anything anymore. These tools are unfortunately not used by many Internet users. (Last Pass is one [...]
