Hacker News

LastPass, like pretty much any modern password manager, has zero knowledge of your encrypted vault, so regardless of how crappy the service, they physically cannot leak your data. This is the reason why encryption exists, to move secure information across not just insecure, but even adversarial channels.

When you use cryptography you go through all the hassle exactly so you don't have to have a panic attack when a company behaves stupidly.



Here are some ways LastPass has already leaked vault contents:

- It turns out a lot of the vault isn’t actually encrypted

- Some vaults used weak, breakable encryption

- The browser extension could be tricked into decrypting data for malicious parties

Encryption isn’t an on/off thing, it’s only as good as its implementation.

Also, this isn’t “zero knowledge” encryption, it’s end-to-end encryption.



