Encrypt whole vault as 1 blob

cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

For more information about the LastPass security incident please visit our blog

Encrypt whole vault as 1 blob

Encrypt whole vault as 1 blob

Due to the issues and news from Augustus/December 2022, we all know that our entries which are shown in a LastPass-app are saved as records in a storage. Some fields are encrypted, but not all. URL's and meta-data isn't encrypted. Due to this design, the data is valuable without spending time to decrypt.

 

In my opinion a whole vault of an user should be stored as 1 encrypted blob in the cloud. When blob(s) are stolen, it's worthless completely, till it's cracked.

4 Comments
dunkirkcastle
New Contributor

Agreed.  Although I understand you do need the password iteration count to not be encrypted.

 

tgoetsch
New Contributor

This should be a requirement, not a feature, I’m leaving the platform after being a paying user on it for most of its existence because not all the data is encrypted and we are now at risk of targeted phishing attacks. I will consider returning only if this feature is implemented and a third party audit has been performed proving security measures have been implemented to better protect user data.

Mark35
New Member

I would also encourage the encryption of the whole blob.  I've put some sensitive information into the comment fields thinking that all this would be encrypted.  I guess that is on me.  If you want my continued subscription, I need you to encrypt all of it.

 

And I don't know if you do this or not, but you might just encrypt our encrypted blob with your own encryption.  That way anyone getting our vault would have to crack your encryption AND then our encryption. 

 

Thanks for listening.

JayMeIn
Active Contributor

The notes (or comments as you call them) on a password record are encrypted.