LogMeIn does not provide details of their architecture or network infrastructure, so it's hard for even someone like myself, a software and network security architect, to have a real opinion on their design. You have to believe their prior history and decide they did the right thing.

Is it possible to implement something that is secure? Yes it is, at least to the level that an attacker has to engage in some high-profile, high-risk actions to break the security. One part of a system like this would be a key management system (aka KMS) that guards the encryption keys that protect your passwords. Can you secure a KMS effectively? Yes, but you do it physically, by locking up the servers that contain the keys with physical walls, guards, etc.

So how does a password get to your machine? Imagine your credentials (e.g. username/password) are stored on a hard drive and each one of your credentials is encrypted using a high-strength security key stored on the KMS. Every credential on that hard drive has its own secret key, so if an attacker somehow stole the hard drive, they would have to crack your credential and every other user's credential for every web site independently. If LastPass uses standard encryption strength keys, then even cracking one credential would require a data center so large that you would be able to see its heat waste from space. Maybe the NSA has such things powered by nuclear reactors, but it is hard to say they could even engineer it.

So when you want a password, several things happen. First, the credential is retrieved, then the KMS is contacted for the key, and then another piece of software does the decryption. The decryption engine could be on your laptop, in the cloud, or your phone (I'm not sure how LastPass does it).

But what happens to that encryption key? If they do the right thing, they destroy it.
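The flow described above (a separate key per credential held by the KMS, fetched only to decrypt and then destroyed), as an added Python sketch that is not from the original post and is not LastPass's actual design. `ToyKMS`, the `disk` dict and the sample secrets are constructed for illustration, and an HMAC-SHA256 keystream with an HMAC tag stands in for a standard cipher such as AES-GCM so the code runs with the standard library alone.

```python
import hashlib, hmac, secrets

class ToyKMS:
    """Constructed in-memory stand-in for the key management system."""
    def __init__(self):
        self._keys = {}                          # credential id -> 32-byte key
    def create_key(self, cred_id):
        self._keys[cred_id] = secrets.token_bytes(32)
    def get_key(self, cred_id):
        return bytearray(self._keys[cred_id])    # mutable copy the caller can wipe

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with HMAC-SHA256(key, "enc"|nonce|offset).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor_stream(key, nonce, ct)

def store_credential(kms, disk, cred_id, secret):
    kms.create_key(cred_id)                      # every credential gets its own key
    key = kms.get_key(cred_id)
    try:
        disk[cred_id] = seal(key, secret)        # only ciphertext reaches the "hard drive"
    finally:
        key[:] = bytes(len(key))

def fetch_credential(kms, disk, cred_id):
    blob = disk[cred_id]                         # 1. retrieve the encrypted credential
    key = kms.get_key(cred_id)                   # 2. contact the KMS for its key
    try:
        return open_sealed(key, blob)            # 3. decrypt
    finally:
        key[:] = bytes(len(key))                 # 4. destroy the working copy (best effort in Python)
```

A stolen `disk` is useless without the KMS, and a key leaked for one credential fails the tag check on every other blob.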