They are encrypting it locally. It isn't anything to doubt- it's been shown time... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

quaunaut on Oct 9, 2015 | parent | context | favorite | on: LogMeIn acquires Lastpass

They are encrypting it locally. It isn't anything to doubt- it's been shown time and time again.

Nowhere in the payload that gets sent to them is your key. The only way you could consider your passwords compromised is if you think there's already a rainbow table out there to decrypt everything, which is ludicrous.

bad_user on Oct 9, 2015 [–]

OK, I don't know how it works then.

Spoom on Oct 9, 2015 | [–]

The encryption happens in a browser extension or mobile app, or in client-side Javascript in the case of accessing it directly through their website.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact