Fixing C's Biggest Mistake

areYouSureAboutThat areYouSureAboutThat at gmail.com
Mon Jan 9 03:50:36 UTC 2023


On Monday, 9 January 2023 at 01:44:41 UTC, Steven Schveighoffer 
wrote:
>
> Yes, it's no different than any other data breach of any other 
> company -- email addresses, billing information, etc.
>
> Note that LastPass and others do not even have the keys to the 
> safe to be stolen in the first place -- they never store your 
> master password.
>
> The "100s of passwords" are not compromised (that is, unless 
> they use "password123!" as their master password).
>
> LastPass uses 100100 rounds of encryption, which means each 
> guess takes a long time to test to see if it's right. Brute 
> force will take millions of years.
>
> Everyone today should use a password manager, whether it's 
> cloud based or not. And the *most important rule* is to not use 
> a previous password as your master password.
>
> -Steve

Sadly, many people's 'master' password will most likely be 
something they can easily remember.

Also, there is almost certainly a backdoor into the password 
database.

The backdoor could be intentional (to assist law enforcement), or 
it could just be an API that someone forgot to properly lock down. 
But it's there. It always is.

"the cloud is another name for 'someone else's computer'":

https://www.schneier.com/blog/archives/2022/12/lastpass-breach.html


