Security ?!

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantie, robyn, JoeSiegrist

Security ?!

Postby adrfonseca » Wed Mar 18, 2009 11:13 am

I think that this solution/addon seems great but I have a question about security.
You say that "data is locked down with your LastPass master password (which we never receive and will never ask for)..."
But why does the Master Password used for local encryption is equal to the lastpass.com website user password?
You say you never receive and you never ask but when I access to your website I do send my password...
This is even more true when I don't have the lastpass plugin installed in FF and I just log to your site.

Can you please clarify this?
Thanks!
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Re: Security ?!

Postby JoeSiegrist » Wed Mar 18, 2009 11:51 am

adrfonseca wrote:You say you never receive and you never ask but when I access to your website I do send my password...
This is even more true when I don't have the lastpass plugin installed in FF and I just log to your site.


You don't send your master password in either case, you may want to try it yourself to convince yourself: https://lastpass.com/faq.php#howcanilook

What's done is that password field is blanked out and the value is used to make a SHA-256 hash along with your email using JavaScript, locally on your computer.

Joe
JoeSiegrist
 
Posts: 4132
Joined: Wed Aug 20, 2008 10:40 am

Re: Security ?!

Postby adrfonseca » Wed Mar 18, 2009 12:35 pm

Hi Joe,

Thanks for the fast answer!
I have already used both Tamper Data and Live HTTP Headers to check the data exchanged between the FF browser and your servers...

And I do confirm that the password itself is not passed, but instead an hash ...

The hash is passed during login in :
method=web&hash=<my_hash>&xml=1&username=<my_email>&encrypted_username=<my_encripted_username>&otp=&otpidhash=&email=<my_email>&password=

And from what I have seen the hash is always equal, what makes sense since I haven't change the master password or email...
So, you must have my hash stored and validate my login comparing with the stored hash instead of the master password... Correct?

Now, my questions are:
1) What is used to encrypt my logins/passwords locally before sending? The master password or the previous hash?
It seems logically that the master password will be the only secure option, but just asking....

2) Taking into consideration the previous question is there a way I can replicate myself the local encryption method, so I can check that it's really my master password that it's being used?
I mean, I see in "tamper data" and "live http headers" some encrypted data traveling to your servers when I store passwords, but I have no way to verify that it was encrypted with my master password or with some string you guys know about.
If you are using standard algorithms and encryption methods, I must be able to run an independent encryption program pass it the same data (master password + data) that lastpass is using and in the end get the same encrypted string...

Can you help on this testing procedure? It would be a plus in terms of security verification.

Don't get me wrong, but this type of verifications can only help prove what you have been saying for a long time.

I do believe you have a great product in terms of security, but I'm paranoid so I do have to verify it :-)

On the other side, some people use roboform without much concern just because it's client side only, without ever confirming if it communicates to the server passing sensitive information... But that's another story, my concern is with lastpass, because it's the one I want to use. :-)
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Re: Security ?!

Postby JoeSiegrist » Wed Mar 18, 2009 1:59 pm

adrfonseca wrote:So, you must have my hash stored and validate my login comparing with the stored hash instead of the master password... Correct?


We do but for an extra level of security we also store a 256 bit salt on our side, and hash the hash you send with that salt and store/compare that, so that if a security breach occurred the attacker would get nothing. An extra level of paranoia on our side.

adrfonseca wrote:1) What is used to encrypt my logins/passwords locally before sending? The master password or the previous hash? It seems logically that the master password will be the only secure option, but just asking....

There is a different hash that's made for key versus the hash that's made for logging in -- we don't just use the master password alone (we include the username in the hash) to make it more difficult for someone to attack your saved encrypted data. The login hash hashes the password into the hash a second time SHA256(SHA256(username+password)+password)).

adrfonseca wrote:is there a way I can replicate myself the local encryption method, so I can check that it's really my master password that it's being used? I do believe you have a great product in terms of security, but I'm paranoid so I do have to verify it :-)


We understand your concern and would like to help you verify. The data is base64'd AES encrypted data with the 256-bit key being made up by a SHA256(username+password) username is lowecased and has whitespace removed, password is untouched. m.lastpass.com is by far the simplest version to follow this logic. I can probably make an extremely simple page that just takes username+password and encrypts and decrypts data in JavaScript if needed.

Joe
JoeSiegrist
 
Posts: 4132
Joined: Wed Aug 20, 2008 10:40 am

Re: Security ?!

Postby adrfonseca » Wed Mar 18, 2009 2:45 pm

Hi Joe,

Thanks for the detailed answers.
I'm really loving your level of paranoia. :-)

If you could provide the simple page with the js, that would be a great help and others might also need it if they decide to verify things.

On my side I need to do two things :
1) Build a simple program that encrypt data according to your last post rules and then I will be able to compare the output with the one from your simple js page and also compare my output to the encrypted data exchanged between the lastpass.com site and my FF browser.
If the outputs match, I will be sure that the encrypted data travelling to lastpass.com was generated using my master password, that (maybe) is just known by me. :-)

2) Use wireshark or something similar to see if your plugin are somehow communicating on other ports/protocols besides the expected HTTPS (and HTTP).

Thanks also for being open and straightforward about the security issues, instead of being like other people that get offended with these type of questions.
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Re: Security ?!

Postby adrfonseca » Wed Mar 18, 2009 7:07 pm

Hi Joe,

To be able to test the points of my previous post I have dissected two example HTTP POST's :
- login action
- adding a new user/password

Bellow are the relevant information passed in each one :
-----------------------
>>> POST 1 : https://lastpass.com/login.php
xml=2&username=<my_email_in_plain_text>
&method=ff
&hash=<my_hash>
&version=1.46
&hp=0
&encrypted_username=<my_encrypted_username>
&sentms=<time>

>>> POST 2 : https://lastpass.com/deliver_and_add.php
data=<my_encrypted_data>
&title=Gmail%3A%20Email%20from%20Google
&ref=<my_encrypted_ref>
&charset=UTF-8
&iid=
&name=<my_encrypted_name>
&grouping=<my_encrypted_grouping>
&iid=
&wxsessid=<my_encrypted_wxsessid>
&requid=<my_requid>
&sessonly=1
&sentms=<time>
----------------------
The <my_hash> was very simple to calculate according to your previous explanation.

Now I would like to ask you how do you organize the data before encrypting and what combination do you use to encrypt the following variables, so i can replicate it the exact same way with my program :
<my_encripted_username>
<my_encrypted_data>
<my_encrypted_ref>
<my_encrypted_name>
<my_encrypted_grouping>
<my_encrypted_wxsessid>

An example of what I need to know :
I assume that the <my_encripted_data> string in the POST2 includes the username, password and other variables in a certain order before aplying the encryption rules.... So, before I can encrypt and compare the result I need to know how the information is organized
eg : my_encrypted_data = Encrypt (????+????+...)

If this software is done the way I think it's done, you deserve the credit and deserve that the security issues do not become an issue, so I'm willing to run this extra mile to prove that your software is secure. It would be good for me and good for you! :-)

Best Regards,
Adriano
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Re: Security ?!

Postby JoeSiegrist » Thu Mar 19, 2009 12:19 pm

adrfonseca wrote:An example of what I need to know : ....


It's probably easier if you can just decrypt anything you'd like, or encrypt anything with your key:

Have a look at: https://lastpass.com/js/enc.php

This will allow you to enter your lastpass username/password and decrypt any encrypted string or encrypt any encrypted string, and is extremely simple, so you can see what's happening to build your key, login hash, etc. Remember that we at LastPass do not have this key or ever get this key nor do we get your Password which is the main component of this key.

Happy Validating!

Joe
JoeSiegrist
 
Posts: 4132
Joined: Wed Aug 20, 2008 10:40 am

Re: Security ?!

Postby adrfonseca » Fri Mar 20, 2009 12:39 pm

Thank you for the simple page, it helps simplify testing.

Although I'm not able to decrypt the "data" and "ref" variables from the "https://lastpass.com/deliver_and_add.php" http POST.

No problems decrypting the "name" and "grouping" variables...

Any ideas of what might be happening with the "data" and "ref"?

Adriano
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Re: Security ?!

Postby JoeSiegrist » Fri Mar 20, 2009 2:10 pm

adrfonseca wrote:Any ideas of what might be happening with the "data" and "ref"?


Data field is just urlencoded, then it is tab separated and new line separated, with encrypted data for values inside, the base64 data should be obvious, ref is just hexencoded, and is only encrypted over SSL (used to download your icons/allow login from the website).
JoeSiegrist
 
Posts: 4132
Joined: Wed Aug 20, 2008 10:40 am

Re: Security ?!

Postby adrfonseca » Fri Mar 20, 2009 2:56 pm

Maybe I'm seeing something wrong here, but it doesn't seem that the data field is only urlencoded or that the ref is just hexencoded...

Look at part of the values on that variables :

data = 123458598349834984398398398498349839834983498349843984...
adrfonseca
 
Posts: 8
Joined: Wed Mar 18, 2009 11:02 am

Next

Return to Feedback

Who is online

Users browsing this forum: No registered users and 7 guests