top | item 34168871

(no title)

The article is missing key data. The password iterations that are set low are client side. The server side is different.

The writer of the article needs to retract.

https://support.lastpass.com/help/about-password-iterations-...

discuss

palant|3 years ago

Disclaimer: I’m the author of this article.

I’m not missing anything. It’s LastPass who finally need to retract this article. I proved back in 2018 that server-side iterations are misimplemented and have no security effect. That’s why they increased the client-side value in the first place. See https://palant.info/2018/07/09/is-your-lastpass-data-really-...