Fixing C's Biggest Mistake
Steven Schveighoffer
schveiguy at gmail.com
Mon Jan 9 01:44:41 UTC 2023
On Monday, 9 January 2023 at 00:43:08 UTC, max haughton wrote:
> On Monday, 9 January 2023 at 00:18:50 UTC, RTM wrote:
>> On Sunday, 8 January 2023 at 21:53:32 UTC, Steven
>> Schveighoffer wrote:
>>> Nope. That's not how LastPass (and password managers in
>>> general) work.
>>
>> https://en.m.wikipedia.org/wiki/LastPass#2022_security_incidents
>>
>> It’s serious.
>
> Serious yes, but look at the data that actually leaked, it's
> not the keys to the safe I think
Yes, it's no different than any other data breach of any other
company -- email addresses, billing information, etc.
Note that LastPass and others do not even have the keys to the
safe to be stolen in the first place -- they never store your
master password.
the "100s of passwords" are not compromised (that is, unless they
use "password123!" as their master password).
LastPass uses 100100 rounds of encryption, which means each guess
takes a long time to test to see if it's right. Brute force will
take millions of years.
Everyone today should use a password manager, whether it's cloud
based or not. And the *most important rule* is to not use a
previous password as your master password.
-Steve
More information about the Digitalmars-d
mailing list