LastPass Ups PBKDF2 Round Limit

In a recent blog post by Jeremiah Grossman, founder of WhiteHat security, he discusses a recent problem he’d come across. He had forgotten his password, and he was now locked out of his computer. The post essentially details his story, going through various methods he used to crack back into it, and one part really sticks out, and is relevant to a lot of people. The PBKDF2 function played a massive role in bruteforcing the password.

The reason it’s so slow is because your AES256-encrypted DMG uses 250,000 rounds of PBKDF2-HMAC-SHA-1 to generate the encryption key. The ludicrous round count makes it extremely computationally expensive, slowing down the HMAC-SHA1 process by a factor of 250,000.

My Xeon X7350 can crack a single round of HMAC-SHA1 at a rate of 9.3 million hashes per second. But since we are using 250,000 rounds, it means I was reduced to doing ~ 37 hashes per second. Using all four processors I was only able to pull about 104 hashes per second total (doesn’t scale perfectly.)

PBKDF2 (Password Based Key Derivation Function) is a way to make a hashing algorithm, in this case SHA1, more computationally expensive. PBKDF2 runs the SHA1 algorithm over and over, in ’rounds’, stretching the time it takes to get the password. Jeremiah’s password was made far more secure, because the time it took to hash it was increased by a factor of 250,000.

While the correct password might only take a few seconds on the average computer, bruteforcing multiple passwords will take several seconds, and for any decent password you’ll have to spend years.

So even though Jeremiah remembered part of his password it was still not a realistic goal to crack it, even on an incredibly powerful machine. Until he narrowed down the last few digits of the password it was something of a lost cause.

So how is this relevant to LastPass?

Up until recently LastPass only allowed up to 100,000 rounds of PBKDF2. That’s an incredibly high amount, easily enough if you’ve got a strong password. But they’ve upped the limit to 256,000, right above where Jeremiah was.

With 256,000 rounds of PBKDF2 an attacker will have to try to bruteforce for years even if you use a “weak” password. This is assuming a traditional bruteforce.

It’s still important to create strong passwords though. One thing highlighted by Jeremiah’s post is how quickly you can turn centuries into minutes. By narrowing down the potential last few digits, he was able “to whittle down an in initial 41106759720 possible password combinations to 22472”, turning what would have been an incredibly long time into just a few minutes.

So make sure that you still create nice long passwords, with full character sets, and hard to predict characters. If you want to increase your PBKDF2 rounds you can have a look at my guide for setting up LastPass. And absolutely look into two-factor authentication for LastPass.

Get Free LastPass Premium (for both of us!) for one moth with this link: 

Leave a Reply

Your email address will not be published. Required fields are marked *