Troed Sångberg on Nostr: nprofile1q…z5k2y This would be the _single round_ hashed somewhat bad Master ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqwf44gvmu4g6x0gwwjgrnlw0f8dxmvx7h929k057wwv8hwa8clq6s0z5k2y (nprofile…5k2y) This would be the _single round_ hashed somewhat bad Master password users I assume though*? Those should indeed be bruteforceable.
Somewhat surprised users didn't understand that when LastPass did communicate about the single round hashing etc - they could've just moved their crypto to another seed :/
I know someone in cybersec who has on purpose left some small amounts of bitcoin in a wallet where the seed existed in their LastPass account at the time. Those coins are still there - but the user had a strong Master password.
*) if my memory serves me right
Somewhat surprised users didn't understand that when LastPass did communicate about the single round hashing etc - they could've just moved their crypto to another seed :/
I know someone in cybersec who has on purpose left some small amounts of bitcoin in a wallet where the seed existed in their LastPass account at the time. Those coins are still there - but the user had a strong Master password.
*) if my memory serves me right