2

In light of the LastPass hack their use of PBKDF2 had me wondering a few things.

  1. If PBKDF2 with a salt and the Master password is used to generate a vault password every time you type in your master password to access the vault wouldn't that salt need to always be the same?

  2. If so then where is that salt stored and wouldn't that also be in clear text?

  3. Wouldn't the Pseudorandom function also always need to be the same so the right password comes out at the end?

Gunna
  • 21
  • 1

1 Answers1

5
  1. If PBKDF2 with a salt and the Master password is used to generate a vault password every time you type in your master password to access the vault wouldn't that salt need to always be the same?

Yes.

  1. If so then where is that salt stored and wouldn't that also be in clear text?

Usually yes. A secret salt is called a "pepper", it could be mixed in with the salt. But as far as I understood, Lastpass simply uses a random salt. Those are usually stored together with the ciphertext (in this case the encrypted user's database of passwords).

See for instance this answer for more details.

  1. Wouldn't the Pseudorandom function also always need to be the same so the right password comes out at the end?

Yes, it needs to be a deterministic function with identical inputs.

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
  • You can argue if there even are non-deterministic functions if you assume that the randomized values such as a salt are considered input. Human language, eh? In this case though, a salt just needs to be unique and like an IV for decryption needs to be repeated to allow the same result. In this case you could also use some kind of identification of the password vault it is trying to protect. – Maarten Bodewes Dec 28 '22 at 10:34