SHA-256 really?
#11
LastPass uses a one-way salted hash.
A one-way function is one that cannot be reversed.
A hash is a representation of your Master Password.
The process of salting adds extra data to the hash in order to add complexity. LastPass uses the username to salt the Master Password.
In other words, LastPass enters the user name and Master Password into one-way functions to create a salted hash. Since the function cannot be reversed, even if the salted hash was compromised, the attacker would still be unable to obtain the Master Password.


LastPass uses PBKDF2-SHA256 rounds.
This feature makes the salted hash even more complicated for an attacker because it increases the number of iterations it takes in order for a password to be accurately guessed. Using a one-way salted hash with a high number of iterations, along with making sure your Master Password is long and complex, provides the greatest potential for preventing your sensitive data from being compromised.
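An added example (not part of the post above and not LastPass's own code) of the scheme the post describes: PBKDF2-HMAC-SHA256 over the Master Password with the username as salt. The iteration count, the username normalization and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed value for illustration; the post gives no number
DKLEN = 32            # SHA-256 output size in bytes


def normalize_username(username: str) -> bytes:
    """Assumption: the salt is the trimmed, lower-cased username, so the same
    account always yields the same salt however the name is typed."""
    return username.strip().lower().encode("utf-8")


def salted_hash(username: str, master_password: str,
                iterations: int = ITERATIONS) -> bytes:
    """One-way salted hash: PBKDF2-HMAC-SHA256 with the username as salt."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               normalize_username(username), iterations,
                               dklen=DKLEN)


def verify(username: str, candidate: str, stored: bytes,
           iterations: int = ITERATIONS) -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    return hmac.compare_digest(salted_hash(username, candidate, iterations),
                               stored)


def hmac_calls_per_guess(iterations: int, dklen: int = DKLEN) -> int:
    """PBKDF2 runs `iterations` HMAC calls per 32-byte output block, so this
    is the work every single password guess has to repeat."""
    blocks = -(-dklen // hashlib.sha256().digest_size)  # ceiling division
    return iterations * blocks


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    a = salted_hash("alice@example.com", pw)
    b = salted_hash("bob@example.com", pw)
    print(a.hex())
    print(b.hex())  # same password, different salt, unrelated hash
    print(verify("Alice@Example.com", pw, a))
    print(verify("alice@example.com", "wrong guess", a))
    print(hmac_calls_per_guess(ITERATIONS))
```

Because the salt is the username, two accounts that share a Master Password store unrelated hashes, and a table precomputed for one username is of no use against another.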