If it works exactly the way they say it does, then a sufficiently strong password should be relatively secure. The answer to this depends on how much you trust LastPass. That's all your new device needs to know in order to decrypt your vault. As a result, the same input (your password) will always produce the same output (hash + the decryption key). The decryption key is a function of your password. How does LastPass decrypt my passwords on a new device? When logging in, your client only sends the hash of your password, and LastPass simply compares it to the password hash they possess. LastPass only has access to your vault in an encrypted form they can't read it without knowing the key. How does LastPass know that my password is correct? The decryption key, which NEVER leaves your computer, is then used to decrypt your Vault once it comes back.We are only sent your hash, not your Master Password. Once verified, we send back your encrypted Vault. The password hash is sent to our servers to verify you.No, when you login to LastPass, two things are generated from your Master Password using our code discussed previously before anything is sent to the server: the password hash and the decryption key. Don’t I send it to the LastPass servers when I log in? From this support thread on the LastPass website: LastPass says they never receive my Master Password.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |