The attack on LastPass is much more serious than announced

A few hours before Christmas Eve, password management company LastPass published a message for its customers. It informs them that a computer attack allowed cybercriminals to get their hands on customer vaults.

Wladimir Palant, a cybersecurity expert, has today published his report on the attack. According to him, the situation is much more serious than the company announced, and LastPass's statement is filled with “omissions, half-truths and outright lies”.

LastPass is guilty of gross negligence

In total, the security researcher examined 14 statements made by the company in recent hours. His verdict is as clear as it is harsh: the company is at fault, it downplays the facts, and it is responsible for several serious acts of negligence.

LastPass's main argument is that passwords created with its method would take "millions of years" to crack. According to Palant, the real figure is around two months, which is already a very good score for a password.

With his demonstration, Palant shows above all that passwords alone are of little or no use. Since they are never chosen randomly, they have a so-called “entropy” level of 40 on average. This corresponds to two months of cracking on a single graphics card. Very complex passwords (more than 16 characters, with numbers, letters, capital letters and symbols included) take 200 years on a single graphics card.

Passwords: a technology from another era?

While this may seem like enough to protect data, a truly determined criminal could go further and find your password in just a few hours. With this new attack against LastPass, cybersecurity is back at the heart of the debate.

If you are a LastPass user, we strongly advise you to change all your passwords while you still can. For those who have an iPhone or another Apple product, iCloud Keychain can act as a good password vault.
