To protect your privacy: email us with billing or account questions instead of posting here.

LastPass Iteration Failures: Can you verify the PBKDF2 Iterations used on your 1Password Vault?

Mycenius
Mycenius
Community Member
edited March 2023 in Memberships

As we know LastPass have suffered a pretty horrific failure that can only be attributed to negligence on their part (although they are going to great lengths to prepare the ground to blame their customers if any passwords/vaults do get cracked). In LP users had access to the iteration settings (and IIRC Bitwarden has similar), does 1Password have anywhere a user can verify the stated 100,000 iterations of the salted password are happening?

I understand there is no functionality to customise this for users but can we validate it? I'm interested in this because LastPass have committed a horrific failure (separate from repeated breaches and the recent theft of users vaults) that I'll detail below, and while I have faith in 1Password (and Bitwarden for that matter) to not have failed in this way I am interested in if there is anyway to validate the iterations being used on your account? e.g. In the white paper it refers on page 39 to the comms between server and client and shows example of code for a server authentication response - but I can't see anything about how a user can validate that 100,000 iterations is being used? Is there a way?

Back to LastPass - they made great noise how they use 100,100 iterations and it's strongest in the PWM industry (actually the difference between 100,000 and 100,001 and 100,100 does seem negligible and makes minimal difference to someone trying to crack an encrypted vault/password from what I understand); however the truth is now coming out that many (possibly the majority) of LastPass's customers never had the 100,100 iterations applied - mostly only new customers from 2019 onwards and a random amount of older customers (how many is unconfirmed although LastPass will know this but are unlikely to ever make it public). Back when LastPass first started (mid-2000's?) they used 1 iteration, and some point later they changed to 500; but they never ensured this change applied retrospectively to every existing customer (so many were left using 1 while new customers had 500). In the early 2010's sometime they upgraded to 5,000 iterations - once again this was not retrospectively applied consistently to every customer nor were notifications sent out to customers advising them to 'manually' change the setting to the highest one now available, etc). So now there were assorted customers using 1, or 500 or 5,000 iterations. In 2018 they announced their "100,100" iterations (woohoo) but again the same error seems to have been repeated, and it also looks like it was never actually implemented until 2019 sometime - so new customers from say 2019 onwards and a totally random smattering of all the other existing customers since the company began have 100,100 iterations, but many were still on 1 or 500 or 5,000 iterations. Incredibly poor and incompetent effort by LastPass (and it looks like they were well aware of this for a long time and just chose to ignore it), and as mentioned they are putting a lot of effort into laying ground work to blame the customers themselves for this if and when mass vaults start getting cracked, etc.

There are reports of thousands (if not more) LastPass customers on the 5,000 setting and confirmed reports of many on only 500 and at least 3 I've seen verified they were on only "1" PBKDF2 iteration (basically their vaults might as well be in plain text).

It is likely true that a small number of customers may have caused this issue for themselves by having access to this functionality and not understanding it - and choosing the lower number setting thinking it made something easier for them (like password length or speed of vault opening); but by and large 99%+ will have just been on the defaults LastPass set them and will have never looked at it. I am not convinced having the ability to change this by a user is necessarily that advantageous - it would be far better to just have it always forced to the highest value the Password Manager can support that doesn't significantly impact device performance (an advanced option might allow a user to push it to a higher level - but definitely not a lower one like LastPass allows).

To see more on the true impact of LastPass's failure particularly in regard to the iterations failure, here's a good series of posts from an 'expert' who's been haranguing LastPass for years to fix some of their well known issues:

  1. LastPass has been breached: What now? (from Almost Secure)
  2. What’s in a PR statement: LastPass breach explained (from Almost Secure)
  3. Follow-Up Post on Iterations (on Mastodon)
  4. One person's confirmation they had only 1 iteration (on Mastodon)
  5. Another person confirming the same thing (as they migrate to 1Password) (on Mastodon)

And lastly a couple of other related posts on the LastPass incident in case anyone hasn't seen them (I think some have been posted elsewhere on this forum) that reinforce the failures (should I use 'incompetence') at LastPass:

P.S this also is related to the "1P PBKDF2 iterations are less than recommended by OWASP. Please do better." discussion in this forum.


1Password Version: n/a
Extension Version: n/a
OS Version: iOS, macOS, Windows 10
Browser: Brave, Tor, Firefox, Safari

Comments

  • Hi @Mycenius

    We don't expose this in the UI, but if you're willing to go digging you can verify the value for the # of PBKDF2 iterations:

    1. Click on the 1Password icon in the Safari toolbar on macOS
    2. Right click on the popup and select Inspect Element
    3. To make things easier to navigate, select the icon to pop the web inspector into its own window
    4. Select the Storage tab at the top of the web inspector
    5. Expand b5x then click on keysets
    6. Expand the value for your primary key and then expand encSymKey
    7. The p2c value is the one that determines the number of PBKDF2 iterations

    This is likely possible with other browsers as well, though the instructions may vary and I don't have them off-hand. 😃

    Ben

  • Mycenius
    Mycenius
    Community Member

    Thanks great - thank you @Ben - that's plenty good enough for my purposes and good to be able to do! I do run a MacBook Pro, Windows PC and an iPhone & iPad but visibility on any one is sufficient for me personally. 😃😃

    P.S. I think this might be a good idea for a long term feature improvement to have the iterations value visible for everyday people (doesn't need to be editable if 1Password is using a set value for everyone) - maybe on the about page along with the version info or on the security page or advanced page of settings just as an info field? Key thing being to show the actual value used from the users vault/account; not some default unrelated arbitrary value that's just pushed out across the user network...

    (...because that is kind of LP's issue, they are telling everyone it's 100,100 iterations when every user can change that value if they want and in many cases LP themselves have left it at much lower values for many many users, and they know that but still publicly say everyone is 100,100. Of course in their system users can see and edit their value - but I bet 90% of users don't even know it's there)...

  • Mycenius
    Mycenius
    Community Member

    Some related discussion here also: Security concern(s) in 1Password after LastPass hack.

  • Mycenius
    Mycenius
    Community Member

    This was posted on another forum: LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges

    A class-action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022. The class action was filed with the United States district court of Massachusetts on Jan. 3... When news of the data breach broke, the plaintiff deleted his private information from his customer vault. LastPass was hacked in Aug. 2022, with the attacker stealing encrypted passwords and other data, according to a December statement from the company. Despite the quick action to delete the data, it appeared to be too late for the plaintiff. The lawsuit read: “However, on or around Thanksgiving weekend of 2022, Plaintiff’s Bitcoin was stolen using the private keys he stored with Defendant [LastPass].”

    The italicised bit clearly illustrates a failure of understanding of how the vaults work (and possibly what was stolen - a copy of (possibly) every users' vault(s). HOWEVER the latter part (last sentence) - and if true and verified of course - reinforces the discussions above about poor levels of iterations and keys being cracked to allow access to the stolen vaults...

  • JAC3467
    JAC3467
    Community Member

    @Ben

    It's not a big deal, but I am unable to get these steps to work as you describe here:

    Click on the 1Password icon in the Safari toolbar on macOS
    Right click on the popup and select Inspect Element
    To make things easier to navigate, select the icon to pop the web inspector into its own window
    Select the Storage tab at the top of the web inspector
    Expand b5x then click on keysets
    Expand the value for your primary key and then expand encSymKey
    The p2c value is the one that determines the number of PBKDF2 iterations

    I have no doubt the PBKDF2 iteration value is as stated. That said, when I click on the 1PW toolbar icon in Safari, the popup window displays, but I have no right-mouse-click menu options when hovering over the window. If I click anywhere on the background web page, the popup disappears, and I can right-click and "Inspect Element" on the web page. Same behavior regardless of whether 1PW is locked or unlocked. A right-click on the toolbar icon yields "Manage Extension..." and "Customize Toolbar...". I had my tech-savy son try it too, same behavior.

    As mentioned, not a big deal, but if you could clarify the secrete handshake I'm missing, I would appreciate it.

  • Hey @JAC3467

    You may need to enable Safari's developer tools.

    Use the developer tools in the Develop menu in Safari on Mac - Apple Support

    I hope that helps!

    Ben

  • JAC3467
    JAC3467
    Community Member

    @Ben

    A good guess, and if only it were that easy. I turned on those tools long ago to fiddle with other bits. There is something different, so it would seem, probably a single browser setting or maybe two. I've got a couple other browsers installed; I'll see if I can find success with one of those.

    Thanks for trying.

  • kassha
    kassha
    Community Member

    I would feel much better if you allowed me to change the number of iterations as Bitwarden does. I understand you feel confident about the secret key, but is there a reason 1password doesn't want users to set the pbkdf2 iterations to the owasp standard or even far beyond?

  • Ben
    Ben
    edited January 2023

    @kassha

    There is an extensive discussion about that over here:

    1P PBKDF2 iterations are less than recommended by OWASP. Please do better.

    The short answer is:

    • Diminishing returns
    • Performance trade-off
    • Security should be the default, not a setting that users need to twiddle to achieve. If more iterations were decidedly the path forward, we'd automate migrating everyone to more iterations, vs forcing users to try to understand and then pick a sensible value. Consider that only a fraction of a percentage of customers will have ever even heard of a PBKDF2 iteration, let alone understand the implications of changing that value. And they shouldn't have to in order to use the product and be secure.
    • Ultimately a new KDF is a better long term answer than more iterations of PBKDF2 (though, no definite news to share here)

    What happened at LastPass is something we had anticipated as a possibility and built our security model to withstand. As my colleague Jeff Goldberg mentioned: we don't plan on being breached, but we have planned for being breached. Folks are looking at the LastPass situation and panicking. There is no panic here, because our model was built with that possibility in mind.

    The security model will continue to evolve as new threats emerge and the security landscape changes. But the possibility of being breached isn't new: it is a challenge we anticipated, and we've already designed our service to minimize the impact of such an event. That's why there isn't a big rush to react on our end, from a security perspective. It is a known threat that we've planned for and protected against.

    Ben

    Edit: formatting, spelling

  • dragon1
    dragon1
    Community Member

    Hi Ben,
    thx for your explanation. Worked.

    But:
    Why do I have 5 different keysets inside? And for me it was keyset number 3 which has all the details.

    Something wrong?

  • topher007
    topher007
    Community Member

    @dragon1 Mine was the third one as well. I was able to confirm 650k too.

  • topher007
    topher007
    Community Member

    @JAC3467 Ben's instructions didn't work exactly for me.

    Right click on the popup and select Inspect Element didn't work. Instead, I opened the Settings page of 1PW, right-clicked, and clicked on Inspect Element. Then, I followed the rest of his instructions, and mine was the third key with the 650k.

  • JAC3467
    JAC3467
    Community Member

    @topher007 - Thanks for the post. Are you running version 7 or 8? I'm on 7 and can't seem to replicate the behavior you describe, and the image you posted looks different.

This discussion has been closed.