undefined | Better HN

0 pointsjaywalk3y ago0 comments

I would imagine it involves something like encrypting your master password (or more likely some other encryption key that won't change) with their master password as if it were anything else they had stored in their account. The difference is that it's blocked by the time delay.

0 comments

2 comments · 1 top-level

taberiand3y ago· 1 in thread

I think something like that might be how it's done. I don't think they could use the master password directly (at least I hope not, wouldn't that mean transmission of a master password from the client?), though I suppose they might have a mechanism of generating a consistent key pair just from the master password.

However it works, I think LastPass should have a technical section that describes the mechanism in more detail

Thorrez3y ago

LastPass describes how it works at [1].

They also have a technical whitepaper describing a lot of their cryptography including shared folders and recover codes. I found the current version[2] which disables ctrl-f for some reason, and an older version[3] which allows ctrl-f.

[1] https://support.lastpass.com/help/how-is-emergency-access-se...

[2] https://support.lastpass.com/download/lastpass-technical-whi...

[3] https://assets.cdngetgo.com/da/ce/d211c1074dea84e06cad6f2c8b...

j / k navigate · click thread line to collapse