So your more secure solution involves using. Hopefully this forces BitWarden and LastPass to change and introduce generated secret keys in their account creation phase. I wasn't surprised when LastPass was hacked - indeed, I've been expecting it for years - poor software quality and bad security choices were the red flags. After a few weeks, my mother changed her complex password back to a simple one behind my back - the only time she's learnt computer functionality on her own.ġPassword's whitepaper, IMO, also shows that it's ahead of the game in general. Everyone I have helped set up a LastPass or Bitwarden account have chosen simple passwords, and are extremely resistant to the point of anger if you make them choose a complex one. It provides entropy where the user will refuse to. The average consumer needs an autogenerated secret key. It is dangerous design, prioritizing ease of onboarding over actual security. I've always thought it foolish to recommend solutions like LastPass and BitWarden, which don't require a secret key. This is why I prefer 1Password, as it requires the secret key to be compromised in addition to the Master Password, thus providing protection against a weak master password. It would still take a crapload of resources to be effective or useful in that scenario. *edit: just wanted to clarify that I think bruteforcing this dump wouldn't be as useful.
If we're talking a threat actor with $$, they'd do some serious damage on this dump. I think with some good wordlists, I'd wager a ton of low hanging fruits will be wiped within a reasonable time.
Used the same example as the author with 100500 iterations. Just out of curiosity I booted up a box with 10x RTX A6000 451.6 TFLOPS
0 kommentar(er)
