Not unrealistic (someone could get more graphics cards) but usually not worth the effort. You’d need a rather long password to get 50 bits, and you’d need to avoid obvious patterns like dictionary words.Įither way, if this is your password and someone got your LastPass vault, guessing your master password on a single graphics card would take on average 200 years. Humans are inherently bad at choosing strong passwords. You took a word list for four dices (1296 words) and you randomly selected five words for your master password.Ĭhoosing a password with 50 bits entropy without it being randomized? No idea how one would do it. Or maybe you went for a diceware password. Yes, such password is already rather hard to remember but you want your passwords to be secure. For example, it could be an eight character random password, with uppercase and lowercase letters, digits and even some special characters. What’s the impact if you have an even lower iterations number configured? Let’s say you have a fairly strong master password, 50 bits of entropy. So the LastPass default is already factor three below the recommendation. The current OWASP recommendation is 310,000 iterations. The more iterations you have configured, the slower this guessing will be. In order to decrypt them, the perpetrators need to guess your master password. This setting is actually central to protecting your passwords if LastPass loses control of your data (like they did now). How did the low iteration numbers come about?.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |