You are looking at intermediate data of what's stored in your decrypted blob. Yes, some things are encrypted twice in the Lastpass vault.
The contents considered "unencrypted" by the blog post are actually only accessible after your private key has been provided.
"How can Lastpass show me the Google logo?" It's shown by your Lastpass Extension, after your vault has been decrypted with your password. It's the same reason that Lastpass can show you the password saved for Google!
Notice that request has an unencrypted folder name, "Email." Those folder names are only accessible after the decryption of the entire vault.
URLs are encrypted. LastPass does not know your URLs.
I noticed the article does not include the destination URL for this request, only the parameters. So I can't make a determination as to why this request was made and who the destination server is.
I just tried adding a new site to the "Email" folder, and no requests to remote servers showed up in my Network tab.
IF the LastPass extension really does make a call to lastpass.com with this information, then, yes, there is a possibility that Lastpass can track these hashes in some separate store. But that doesn't mean that the encrypted vault blob has the unencrypted data as claimed.
LastPass does actually know URLs. After logging into LastPass.com, you can navigate to https://lastpass.com/getaccts.php (only accessible post-authentication, with a valid session cookie).
This will return an XML document with your vault data. Most of it is encrypted; however, a URL parameter is encoded as hex, in plaintext. I am able to look at all URLs. They could be storing the blob fully encrypted in a server datastore, but at some point, the LastPass servers are handing the client non-encrypted URLs.
Agreed that the vault blob almost certainly hides all of this, but the question still remains about how the logo is initially obtained. There still might be a leak to lastpass when the logo url is first requested.
And if the extension is pulling the logo from the web then there is also a leak to each site whenever it pulls (rather than to lastpass itself).
Best case scenario: the extension comes with a list of the most common logos baked into it. But if that's the case, why would it save a logo url. Hmm ...
I'm pretty sure we'll be hearing back from Lastpass on this one.
It looks like this happens when you use the web version of Lastpass available on their website, not through the extension.
I've been able to confirm when you update a site through the web interface it makes a POST request to https://lastpass.com/show_website.php with the `url` parameter which contains the hex-encoded URL of the website. I think the author is correct about this.
> I just tried adding a new site to the "Email" folder, and no requests to remote servers showed up in my Network tab.
Well, I don't even have lastpass so I can't check, but it obviously has to be sending something when you save the new site or it isn't saving it in the cloud at all.
Back to the Metadata problem. Here's how this information could be weaponized:
NSA: LastPass, we suspect that John Smith uses your service. Give us access to John Smith's password database.
LastPass: We cannot, all of John's usernames and passwords are encrypted and we ourselves don't have the key.
NSA: Alright, then, give us the websites for which John Smith's database has credentials, and we'll subpoena each website of interest individually.
If John Smith has the known email address [email protected], it is probably safe to assume that the email is the login for at least some of the websites of interest, and they can then ask each website for info on that particular user.
The NSA already has that data: they have your home address (this is public) and can see you connect to Gmail servers at times you are normally home. We've already seen evidence this is well within the NSA's capabilities based on the Dread Pirate Roberts trial.
2. LastPass's RNG is closed source, so if your threat model includes the NSA you've already lost, as it is very reasonable that the NSA knows every password LastPass could ever generate for you.
3. LastPass's encryption/decryption is ALSO closed source, so there is no reason the NSA can't just subpoena them to update your client with faulty crypto.
4. LastPass Apps/Browser phone home once unlocked. If subpoenaed by the NSA, they can steal your password there.
Seriously if you have a threat model that includes the NSA you've already lost.
Is there any proof that the "Concerned LastPass User" who wrote this isn't just the creator of BitWarden?
I normally don't assume astroturfing without concrete evidence, but there is no information in the post that explains why the author is anonymous and the creator of BitWarden has previously made comments without disclosing their affiliation (https://news.ycombinator.com/item?id=12754396).
Does it matter? If the claim is true, then it's a serious problem. If it's untrue, then the article is wrong. Neither one is changed if the author is a particular person.
LastPass is so buggy, I have a draft blog post that I'm going to publish some day listing the dozens of bugs I've found. It's still the least bad cross-platform password manager (with sharing and sync features) that I've tried.
Bitwarden looks interesting, but it doesn't seem to support team features, nor does it seem to have any documentation, or even an "about us" page.
I don't see this as much of an issue personally. I don't ever store any identifying information in urls, so it's more of a convenience to have the logos for easy navigation.
I get that they say that everything is encrypted, but really it could be a lot worse. I definitely won't be switching password managers just because of this like some people are saying.
It's a pretty huge deal if you store passwords for websites that you don't want other people to know you even have an account for. Like, say, a dissident in a politically oppressed country having an account for the US immigration website.
Well, I'd love to use something other than Lastpass but there are no other password managers that are as well integrated into chrome and that sync seamlessly.
Keepass had tons of issues on the sync side, merging incorrectly or just plain not syncing, in addition to the Android app being horrible to some extent. Additionally, the Chrome plugin is less well written; it's not bad, but not as easy to access as Lastpass.
1Password is still not out on Linux and I have no intention of using them until they bring out a Linux client.
Bitwarden looks fishy to me (audit? pricing? funding? integration?).
If the only problem with Lastpass is that they sent out the URL of the site in cleartext over an HTTPS connection, fine, have it; there is clearly worse and it's something I'm willing to accept in exchange for one of the better password managers.
This doesn't seem like a terribly important information leak, but what gets me is that they obfuscated it by converting it to hex. Why do that?
On the one hand, it feels like they're being sneaky and trying to trick savvier users who might glance at the data to make sure it "looks encrypted". On the other hand, they have to have realized someone would notice eventually. Or maybe that's the point: if they obfuscated it well, someone would break it and they'd have egg on their faces. By just hiding it a little, they have plausible deniability that they weren't trying to obfuscate.
Stupid question: why can't LastPass encrypt the URL as well and decrypt client-side to show the logo, like they do (as I understand it) with passwords?
The client still needs to fetch the logos from somewhere so it has to upload a list of URLs to get the logos for. They've just opted to do it when saving a password entry.
They can; I don't see why they chose the current implementation over this one. Somehow this small leak can let them build a database of browsing habits and target users who use X website... hmmm.
Perhaps a silly question as I do not have a lot of experience with software like this, but:
What prevents Lastpass, Bitwarden or any other third party from updating their software (and/or compromising the download server) to synchronize all information unencrypted in a new version that is auto-updated by the user?
I currently use KeePassX, and synchronize this file with a secure server myself since I feel uncomfortable with having software that handles the encryption also controlling the synchronizing service.
Two fixes:
1) find an open-source one, compile it yourself, verify its behavior, install it yourself
2) find one that works without using the network, never approve adding network permissions, and run it in a jail without network; on Android you can deny the network permission.
This works against random software companies, but not against Google.
Lastpass is an atrocity to software. In almost a year using it (including its "Premium" version), I was unable to get their password change feature working and it was often unable to remember passwords properly. I would change the password, Lastpass would show the right password in its UI, then it would use the wrong one. This is the most basic feature of a password manager and it simply doesn't work. Their support, even for the paid version, might as well be a bot that just spits out random Lastpass "facts".
I see a ton of reviews all over the Internet claiming it's one of the best password managers, and I wonder if these reviewers and websites didn't just get paid some money to write a positive review without ever installing, let alone using the software. With the software being so shoddy, I would not trust my passwords to Lastpass even if they ended up fixing the UX. I ended up deleting my account and switching to Enpass which has worked flawlessly. On top of that, I don't have to trust Lastpass, or any shitty company like that, with my most valuable data and can sync it over WiFi, my NAS, and shared folders in addition to cloud providers (also works in Linux).
I've been using LP as a paid user for several years now, and was really annoyed when they were absorbed by LogMeIn. My main issue is this: while there are several alternatives to LP, there don't seem to be as many which have the same or similar features while ALSO integrating YubiKey's OTP functions. I bought a YubiKey because of LastPass, and slowly integrated it into my workflows. I really like it as a second factor, and the additional capabilities (such as storing secrets for TOTP, etc.) make it nearly indispensable.
Last I checked (over a year ago), 1Password wasn't terribly interested in adding it as a feature, and while there was a KeePass extension which implemented HOTP-based 2nd factor, I never got it to work reliably. Is there ANY service which integrates the YubiKey as well as LP does? I'm more tied to that than I am to LP.
Unrelated to the initial post, but here's a recent LP annoyance: on January 9, LP pushed an update to the Chrome extension which broke the version 3.0 view (which looked like a filesystem), forcing users to move to their 4.0 view if they wanted to use the extension. According to a user commenting on the support tab in the Chrome store, "you deleted the min.js file from your extension but your lastpass version 3 view still needs this file. cant even manually copy it back because chrome then thinks its malware. keep up the good work!"
I can't speak to the veracity of the comment, but LP's forum was pretty active, and admins essentially said "don't use 3.0" as a fix. Support tickets mentioned they were aware of the issue, but not much else. To be fair, LP did say they would eventually deprecate the 3.0 view, but there was little communication about the recent update, making it seem like they don't really give a shit. I don't like their 4.0 view; it's less efficient, and more interested in making things look pretty.
As someone who's worked in this domain, I found this very poorly handled. The obvious, privacy-conscious solution would be to embed all logos in the client, but this can be unfeasible on the web, depending on the quantity of data. In practice, maybe sacrificing a couple of MB for a one-time download isn't such a bad trade-off for privacy (and this will only happen for logged-in users who visit their vault).
However, if we want to trade off _some_, but not all privacy (in terms of what logins a vault contains), I can think of a naive obfuscation scheme where random domains are added to a login alongside the real one. Here's how that could work:
Preprocessing
* assign an order to the logos and hence numerical IDs
* pick a hash function (URL / site name) => ID
User adds a new login:
* is the URL recognized (e.g. accounts.google.com), i.e. do we have a logo for it?
* if yes, obtain its ID e.g. 1
* get N more random IDs e.g. 14, 124, 144
* save all of them as the login's metadata e.g. "logo_cache:1,14,124,144"
User requests logins (and hence needs logos):
* compute (and cache) the list of IDs of logos needed (M entries x N logo IDs each, deduped)
* pack and send the logos (hopefully a much smaller subset than all logos)
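A toy implementation of the decoy-ID scheme sketched in the comment above, added here as an illustration; it is not code from the comment author or from any password manager. The logo catalogue is a constructed sample, the metadata format follows the comment's "logo_cache:1,14,124,144" string, and all function names are hypothetical.

```python
import random
from typing import Dict, List, Optional, Set

# Constructed sample catalogue (hypothetical): in the scheme above the client
# ships with an ordered list of known logos; the position is the logo's ID.
LOGO_NAMES: List[str] = [
    "accounts.google.com", "github.com", "amazon.com", "twitter.com",
    "facebook.com", "reddit.com", "dropbox.com", "paypal.com",
    "netflix.com", "linkedin.com", "microsoft.com", "apple.com",
]

# Preprocessing: assign an order to the logos and hence numerical IDs,
# plus the (site name -> ID) lookup that plays the role of the hash function.
LOGO_ID: Dict[str, int] = {name: i for i, name in enumerate(LOGO_NAMES)}
LOGO_BY_ID: Dict[int, str] = {i: name for name, i in LOGO_ID.items()}
N_DECOYS = 3  # random IDs stored alongside the real one per login


def site_of(url: str) -> str:
    """Reduce a login URL to the host the logo catalogue is keyed by."""
    without_scheme = url.split("://", 1)[-1]
    return without_scheme.split("/", 1)[0].lower()


def logo_id_for(url: str) -> Optional[int]:
    """Step 1 on save: is the URL recognised, i.e. do we have a logo for it?"""
    return LOGO_ID.get(site_of(url))


def make_logo_cache(url: str, rng: Optional[random.Random] = None,
                    n_decoys: int = N_DECOYS) -> str:
    """Steps 2-4 on save: build the 'logo_cache:...' metadata string.

    The real ID is mixed with n_decoys distinct random IDs and the list is
    shuffled, so position does not give the real one away. Decoys are drawn
    from the OS CSPRNG by default, chosen once here and persisted with the
    login: re-rolling them on every sync would let the server intersect
    successive requests down to the real ID.
    Returns '' for an unrecognised site (there is nothing to fetch or hide).
    """
    real = logo_id_for(url)
    if real is None:
        return ""
    rng = rng or random.SystemRandom()
    others = [i for i in LOGO_BY_ID if i != real]
    ids = [real] + rng.sample(others, n_decoys)
    rng.shuffle(ids)
    return "logo_cache:" + ",".join(str(i) for i in ids)


def parse_logo_cache(meta: str) -> Set[int]:
    """Parse one login's metadata back into a set of logo IDs."""
    if not meta.startswith("logo_cache:"):
        return set()
    body = meta[len("logo_cache:"):]
    return {int(x) for x in body.split(",") if x.strip()}


def logos_needed(metas: List[str]) -> List[int]:
    """On vault load: the deduped union of IDs over M entries x (N+1) IDs each.

    This sorted list is what the client would send; the server only sees a
    set in which each login's real logo is hidden among its decoys.
    """
    needed: Set[int] = set()
    for meta in metas:
        needed |= parse_logo_cache(meta)
    return sorted(needed)


def pack_logos(ids: List[int]) -> Dict[int, str]:
    """Server side: return only the requested subset of the catalogue."""
    return {i: LOGO_BY_ID[i] for i in ids if i in LOGO_BY_ID}


if __name__ == "__main__":
    vault = [make_logo_cache(u) for u in
             ("https://accounts.google.com/signin", "https://github.com/login")]
    print(vault)
    print(pack_logos(logos_needed(vault)))
```

With two saved logins the server learns at most eight candidate IDs and cannot tell which two are real; the trade-off is that every extra decoy costs one more logo in the download.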
It's really weird that the URL parameter is encoded as hex. Is this some attempt to hide it, or just a lazy programmer not wanting to call an escape function?
I got a license for 1Password Families in a Humble Bundle recently and have been seriously considering making the switch from LastPass. The LastPass Chrome extension gets disabled on me once or twice a week and has become a real annoyance. The only thing holding me back is the ongoing pricing for 1Password is 5x more than LastPass.
I'm an ancient Lastpass user too. But I don't think the unencrypted URL worries me.
If any 3-letter agency wants my history, they can just visit anyone in between me and the URL.
My browser has my browsing history.
My ISP has my browsing history.
DNS resolvers have my browsing history.
CDNs have my browsing history.
Proxies/VPNs have my browsing history (though some of them claim they don't log at all).
Basically, browsing history is too accessible to anyone.
If you are using a network that isn't managed by you, they have your browsing history too (McD, Starbucks, etc).
And lastly, as others and Lastpass have commented, your whole pile of encrypted data is encrypted together and sent to Lastpass. Did you try to read your Wireshark?
I really like a lot of the features of LastPass... works across devices, has groups with sharing options for teams, security audit and summary, auto updates (on some sites), 2FA, and the dead man's switch is nice...
I haven't found any other services that work as well for teams with features like this. I've tried 1Password and some others and found their team sharing options lacking.
Curious what other teams are using -- not just personal password managers but tools you can use successfully over an entire organization.
I've heard many bad things about LastPass - and this is just the cherry on top. I highly recommend 1Password to everyone. I've been using it for about 2-3 years now and it's been absolutely flawless. Yes, it doesn't have a Linux client, but that's literally the only "drawback" I can think of. As a developer who uses a Mac, the only time I'm on Linux is when I'm SSH'd into a server.
I ditched LastPass after LogMeIn acquired them. With all of the bad press that company has had over the years it was enough for me to move on.
For the most part I am happy with Dashlane and pay for it annually. Sometimes when Chrome or Firefox update, it takes a while to load the browser plug-in. Other than that I have few complaints.
Anyone else use Dashlane or something similar, other than LastPass?
Anyone have recommendation for replacing Lastpass? I need support for Android, Linux, and Windows. I would like to be in control of my data if possible (sync to cloud) and a nice to have would be a browser extension for autocomplete.
KeePassX - I've been using it for years now. I just put the database on my Dropbox. Quick, convenient, and most importantly for me, always in my own hands.
arjie|9 years ago
Now if there was a non-state-level threat, that'd be different.
baldfat|9 years ago
Same information that your internet provider already has linked to your ISP and can be retrieved by a warrant or no warrant.
perfectfire|9 years ago
Really? Were you using KeePassDroid? I remember that being not so great. I think Keepass2Android is excellent.
dkonofalski|9 years ago
Why? The client functions just fine under Wine and runs better than most of the native clients that already are on Linux.
mistercow|9 years ago
But any way you slice it, it seems weird.
problems|9 years ago
Looks like their Argon2/ChaCha20-based KDBX4 format is now out too, so I've got some upgrading to do.
walterbell|9 years ago
https://www.zetetic.net/codebook/
https://www.zetetic.net/sqlcipher/