LastPass Shares Details of Connected Security Breaches

Lastpass uses SHA-256 bit hashing, so it would take on average 2 to the 255th guesses to get the resulting key (half of 2 to the 256th number of possible keys). That’s a lot more bits of entropy than what is likely a memorable master password, and even with key stretching iterations to slow down guesses with something like PBKDF2, brute force guessing of the password will be faster. (It should also be noted that there could be a hash collision between different passwords so it’s possible to guess the wrong password and still be right, but it’s a very remote chance.)

1 Like