Overview of multiplatform password managers

The news about LastPass hack broke recently. If the user had strong password, the password is not brute-forcable. However dictionary passwords along with passwords that are guessable with mutation and Markov chains can be broken up to length of 12 characters on one GPU even though LastPass’s key derivation function (KDF) using 100000 iterations. This means that if the attacker can crack user’s simple password, the attacker can download the encrypted blob containing passwords from LastPass and use the cracked password to decrypt them. The weakest link here is the password strength.

Read more