PBKDF2 strength related to LastPass hack and Argon2

redbull666
Community Member

Hi there,

I am interested in the password hashing mechanism in 1Password, especially relating to the LastPass hack.

Reading:
https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

They should also make sure they're using settings that exceed the LastPass default. Those settings hash stored passwords using 100,100 iterations of the Password-Based Key Derivation Function (PBKDF2), a hashing scheme that can make it infeasible to crack master passwords that are long, unique, and randomly generated. The 100,100 iterations is woefully short of the 310,000-iteration threshold that OWASP recommends for PBKDF2 in combination with the SHA256 hashing algorithm used by LastPass.

Reading about 1Password at https://support.1password.com/pbkdf2/, it also uses far less than the recommended 300k iterations:

There are 100,000 iterations, or functions, of PBKDF2 in the current version of 1Password. This means anyone who tries to guess an account password needs to perform the same calculations. Any hacking attempts are virtually useless since your account password is combined with your Secret Key, which is only on your devices.

Secondly, how does this relate to the previous discussion on replacing PBKDF2 with Argon:
https://1password.community/discussion/91549/argon2i-cross-platform-reference-implementation-available

It seems since 2020, there has been little progress? Is it no longer relevant or not technically feasible?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hey there @redbull666

    We use 100,000 iterations of PBKDF2 for your account password because it's combined with your Secret Key to provide additional entropy.

    If your account was only protected by a password, then more iterations would be appropriate, but the security that would provide is (in our case) provided by the Secret Key instead.

    You're quite right. We are still looking at a new key derivation function. Our Security and Engineering teams are working on this and are keen not to rush it to make sure we implement things carefully, so although there's nothing to announce on that front just now, we haven't forgotten about it. :)

    — Grey
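    As an added illustration of the two points above (iteration count as per-guess cost, and a device-held Secret Key removing the value of offline guessing), here is example code written for this thread, not 1Password's or LastPass's own implementation; the plain concatenation of password and key, the fixed salt and the key bytes are assumed and constructed for the demo:

    ```python
    import hashlib

    # Iteration counts quoted in the thread.
    LASTPASS_DEFAULT_ITERATIONS = 100_100
    ONEPASSWORD_ITERATIONS = 100_000
    OWASP_PBKDF2_SHA256_ITERATIONS = 310_000


    def derive_key(password: str, salt: bytes, iterations: int,
                   secret_key: bytes = b"") -> bytes:
        """PBKDF2-HMAC-SHA256 over the account password, optionally mixed with a
        device-held secret key. Plain concatenation is an assumed simplification,
        not 1Password's actual two-secret derivation."""
        material = password.encode("utf-8") + secret_key
        return hashlib.pbkdf2_hmac("sha256", material, salt, iterations, dklen=32)


    def work_ratio(target_iterations: int, baseline_iterations: int) -> float:
        """Relative cost of one password guess at the target iteration count."""
        return target_iterations / baseline_iterations


    def matching_candidates(stored_key: bytes, salt: bytes, iterations: int,
                            candidates: list, secret_key: bytes = b"") -> list:
        """Defender's model of offline guessing against a leaked vault blob:
        every candidate costs a full PBKDF2 run, and a guess can only be
        confirmed if the guesser also holds the secret key."""
        return [pw for pw in candidates
                if derive_key(pw, salt, iterations, secret_key) == stored_key]


    def demo() -> dict:
        salt = bytes(16)                                        # constructed fixed salt
        secret_key = bytes.fromhex("a3f1c2d4e5b6a7980011223344556677")  # constructed key
        password = "correct horse battery"
        candidates = ["password1", "correct horse battery", "letmein"]
        key_pw_only = derive_key(password, salt, ONEPASSWORD_ITERATIONS)
        key_two_secret = derive_key(password, salt, ONEPASSWORD_ITERATIONS, secret_key)
        return {
            "owasp_vs_lastpass": work_ratio(OWASP_PBKDF2_SHA256_ITERATIONS,
                                            LASTPASS_DEFAULT_ITERATIONS),
            # Password-only: the correct guess is confirmed after 100,000 iterations.
            "confirmed_pw_only": matching_candidates(key_pw_only, salt,
                                                     ONEPASSWORD_ITERATIONS, candidates),
            # Two-secret: same guesses, but the secret key is not in the leak.
            "confirmed_without_secret_key": matching_candidates(
                key_two_secret, salt, ONEPASSWORD_ITERATIONS, candidates),
        }
    ```

    Running `demo()` shows roughly 3.1x more work per guess at the OWASP count than at the LastPass default, and no confirmed guess at all when the Secret Key is missing.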

  • redbull666
    Community Member

    Ok great, thanks for the quick reply!

  • @redbull666 – You're very welcome! Happy holidays from all of us! 🎄⛄️

  • Mycenius
    Community Member

    @redbull666 you might also be interested in the thread I started & question I posed here: LastPass Iteration Failures: Can you verify the PBKDF2 Iterations used on your 1Password Vault?

This discussion has been closed.