LastPass user data backups have been compromised

LastPass

LastPass is a freemium password manager that stores encrypted passwords in the cloud, developed by the company Marvasol, Inc.

The developers of the LastPass password manager, which is used by more than 33 million people and more than 100,000 companies, have notified users of an incident in which attackers managed to gain access to backups of the storage holding the service's user data.

The data includes information such as user name, address, email, phone number and the IP addresses from which the service was accessed, as well as the unencrypted site names stored in the password manager, along with the encrypted logins, passwords, form data and notes stored for those sites.

To protect site logins and passwords, AES encryption is used with a 256-bit key generated by the PBKDF2 function from a master password known only to the user, with a minimum length of 12 characters. Encryption and decryption of logins and passwords in LastPass is performed only on the user's side, and guessing the master password is considered infeasible on modern hardware, given the size of the master password and the number of PBKDF2 iterations used.

To carry out the attack, the attackers used data obtained during the previous attack, which took place in August and was carried out by compromising the account of one of the service's developers.

The August attack gave the attackers access to the development environment, application code and technical information. It later emerged that the attackers used data from the development environment to attack another developer, through whom they managed to obtain access keys to the cloud storage and keys to decrypt data from the containers stored there. The compromised cloud servers held full backups of the working service's data.

The announcement represents a dramatic update to the breach that LastPass disclosed in August. The publisher acknowledged that the attackers "took portions of source code and some proprietary technical information from LastPass." The company said at the time that customers' master passwords, encrypted passwords, personal information and other data stored in customer accounts had not been affected.

256-bit AES and can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture,” explained LastPass CEO Karim Toubba, referring to the Advanced Encryption Scheme. Zero Knowledge refers to storage systems that are impossible for the service provider to crack. The CEO continued:

It also listed several remedies that LastPass took to strengthen its security after the breach. The steps include decommissioning the hacked development environment and rebuilding it from scratch, retaining a managed endpoint detection and response service, and rotating all relevant credentials and certificates that may have been affected.

Given the confidentiality of the data stored by LastPass, it is alarming that such a wide range of personal data was obtained. While cracking the password hashes would be resource-intensive, it is not out of the question, especially given the method and ingenuity of the attackers.

LastPass customers should make sure they have changed their master password and all the passwords stored in their vault. They should also make sure they are using settings that exceed the LastPass defaults.

These settings hash stored passwords using 100,100 iterations of the Password-Based Key Derivation Function (PBKDF2), a hashing scheme that can make it infeasible to crack master passwords that are long, unique and randomly generated. The 100,100 iterations fall below the OWASP-recommended threshold of 310,000 iterations for PBKDF2 in combination with the SHA256 hash algorithm used by LastPass.
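The following added example (not code from LastPass or from the original article) ties together the key derivation described earlier and the iteration counts quoted above: it derives a 256-bit key with PBKDF2 and compares how much protection 100,100 and 310,000 iterations give to passwords of different entropy. The salt, the sample passwords, the 40-bit "weak password" figure and the offline rate of 1e10 PBKDF2 rounds per second are constructed assumptions.

```python
import hashlib
import math

# Figures quoted in the article; everything else below is an assumption.
LASTPASS_DEFAULT_ITERATIONS = 100_100
OWASP_MIN_ITERATIONS = 310_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit AES key from the master password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def random_password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def expected_search_years(entropy_bits: float, iterations: int,
                          rounds_per_second: float) -> float:
    """Expected years to find the password: half the keyspace, with one
    full PBKDF2 run (iterations rounds) per candidate."""
    candidates = 2.0 ** (entropy_bits - 1)
    candidates_per_second = rounds_per_second / iterations
    return candidates / candidates_per_second / SECONDS_PER_YEAR


def audit_iterations(iterations: int) -> dict:
    """Compare a configured iteration count with the OWASP threshold."""
    return {
        "meets_owasp": iterations >= OWASP_MIN_ITERATIONS,
        "fraction_of_owasp": iterations / OWASP_MIN_ITERATIONS,
    }


if __name__ == "__main__":
    rate = 1e10  # assumed offline rate in PBKDF2 rounds per second (constructed)
    cases = {"random 12 chars, 94 symbols": random_password_entropy_bits(12, 94),
             "weak 12 chars, ~40 bits (assumed)": 40.0}
    for label, bits in cases.items():
        for n in (LASTPASS_DEFAULT_ITERATIONS, OWASP_MIN_ITERATIONS):
            years = expected_search_years(bits, n, rate)
            print(f"{label:36s} {n:>7,} iterations: {years:.3g} years")
    print(audit_iterations(LASTPASS_DEFAULT_ITERATIONS))
```

The iteration count scales the search cost only linearly (about 3.1x between the two settings), while each added bit of password entropy doubles it, which is why a low-entropy master password stays the weak point at either setting.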

LastPass customers should also be very wary of phishing emails and phone calls that claim to come from LastPass or other services and ask for sensitive data, and of other scams that exploit their compromised personal data. The company also provides specific guidance for business customers who have implemented LastPass federated login services.

Finally, if you are interested in learning more about it, you can check the details at the following link.

