top | item 19560939

(no title)

billdybas | 7 years ago

Sure, but is that not what an online password manager is? :P

discuss

The data is encrypted with a key that you have not one that the server has which is much much better. If someone breaks in to the server they are not able to very quickly grab all the data. They have to be able to deploy some malware on the server and allow it to run for a while to collect passwords.

rrix2|7 years ago

I want to believe that LastLass uses client side JS to decrypt based on your login credentials, not a plain text database.

pas|7 years ago

They do. It's not pretty, the whole thing is a mess from a lot of engineering aspects, but the basic security principles are solid.

TeMPOraL|7 years ago

If the on-line component goes anywhere beyond the ability to sync an opaque binary blob that only your local machines can decrypt and reencrypt, there's a problem there.

hopler|7 years ago

How does my secret key get from my phone to my tablet?