I'm not saying you have to go that high, but it doesn't hurt anything. It's probably faster on a proper cell phone, but that gives you an idea of what more iterations would look like. On my $150 walmart phone, 1m iterations takes 5.5s to unlock. If you can deal with the added unlock time on your mobile phone(s)/tablet(s), I'd recommend going above the 310k iterations to future proof your vault a bit more. The more difficult you make passphrases for rules-based dictionary attacks to work, the better off you'll be if/when lastpass gets hacked again and someone is going at your vault with password cracking hardware. If you're using xkcd-style passwords, I'd recommend not just using the default - to separate words. However, LastPass does have an advantage over. If you're using a passphrase, I'd recommend at least 5 words (maybe more) with capital, lowercase, numbers, and symbols - not just dividing the words but in the middle of the words as well. Bitwarden also offers a family account for 40 per year, covering up to six users, whereas LastPass charges 48 per year for its family plan. If you're using a random character based password, use at least 10-12 characters. That having been said, it's a good idea to make sure your master password is extremely secure, even without relying on high numbers of iterations on the hashing algorithm. On dedicated hardware intended for cracking hashes, it's probably a lot faster. With advances in technology, it's probably at least 15-20 million on a consumer GPU today. Back in 2015 the numbers for tries/second for pbkdf2 for a single consumer grade GPU was 1.6 million per second.
0 kommentar(er)
