Neil Bothwick wrote: > On Mon, 4 Feb 2019 15:59:02 -0500, Rich Freeman wrote: > >>> One reason I use LastPass, it is mobile. I can go to someone else's >>> computer, use LastPass to say make use of Paypal, Newegg, Ebay etc, >>> logoff and it is like I was never there. >> As much as I like Lastpass I would never do that. It isn't magic - it >> is javascript. If there is a compromise on your computer, then your >> password database will be compromised. This is true of other >> solutions like KeePassX and so on - if something roots your box then >> it will be compromised. > I don't see what root has to do with it. If someone gains access to your > box, they can copy the database file and then take their time trying to > crack the password, but you don't need to be root to do that. > >
I might point out, LastPass encrypts the password before sticking it in a file. It isn't visible or plain text. Even getting the file would still require some tools and cracking to get the password itself. Cracking the master password would likely be much easier and doesn't even require access to the box itself, Linux or windoze. Also, LastPass only stores the encrypted password on its servers. Even if LastPass is hacked, the passwords are still encrypted. It's one reason LastPass shouldn't have to worry about getting court orders to turn over passwords. It doesn't really have them. I would suspect that cracking a encrypted password is as difficult as is just poking at a password until it is guessed. Even if a person is using a perfect tool, cracking a password is always going to be possible. The tougher the password, the harder it will be and the longer it will take. Still, it can be done. Using these tools just makes it harder. I'm not aware of a perfect password tool. I doubt one exists or ever will either. ;-) It's still good to pick one, use it and try to be as secure as one can. Dale :-) :-)
