This would be the _single round_ hashed somewhat bad Master password users I assume though*? Those should indeed be bruteforceable.
Somewhat surprised users didn't understand that when LastPass did communicate about the single round hashing etc - they could've just moved their crypto to another seed :/
I know someone in cybersec who has on purpose left some small amounts of bitcoin in a wallet where the seed existed in their LastPass account at the time. Those coins are still there - but the user had a strong Master password.
*) if my memory serves me right
Troed Sångberg
npub1ze…gn89f
2024-12-20 15:59:51 UTC
in reply to nevent1q…edqj
Author Public Key
npub1zefwsyke7ygwak29yp75xh2mgujwmzrh7anucur7z0vzgsq9465ssgn89fSeen on
wss://relay.momostr.pinkPublished at
2024-12-20 15:59:51 UTCEvent JSON
{
"id": "77c22a7aeeff95a16918e4a380add01b320a9c509bf00f6ca3857ebe4f344d15",
"pubkey": "1652e812d9f110eed945207d435d5b4724ed8877f767cc707e13d8244005aea9",
"created_at": 1734710391,
"kind": 1,
"tags": [
[
"p",
"662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d"
],
[
"proxy",
"https://ioc.exchange/@troed/113685980187743286",
"web"
],
[
"e",
"d103a47a9e37002e3ce783513b182dd431b2b91ae8ff3da21e32fea55f16d3d5",
"",
"root",
"662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d"
],
[
"proxy",
"https://ioc.exchange/users/troed/statuses/113685980187743286",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://ioc.exchange/users/troed/statuses/113685980187743286",
"pink.momostr"
],
[
"-"
]
],
"content": "This would be the _single round_ hashed somewhat bad Master password users I assume though*? Those should indeed be bruteforceable. \n\nSomewhat surprised users didn't understand that when LastPass did communicate about the single round hashing etc - they could've just moved their crypto to another seed :/\n\nI know someone in cybersec who has on purpose left some small amounts of bitcoin in a wallet where the seed existed in their LastPass account at the time. Those coins are still there - but the user had a strong Master password.\n\n*) if my memory serves me right",
"sig": "71c196e1fc977a071662d0cbe16b9dd7a9d7dcf1c680cafdfcd24e0baf497c90b5aef8eafad8a39414cf50577563c47aa89044357c42f261cd84d5b0bf6629e3"
}