Experts fear crooks are cracking keys stolen in LastPass breach (krebsonsecurity.com)
167 points by todsacerdoti on Sept 6, 2023 | hide | past | favorite | 117 comments


Back when I worked at Mozilla in 2012 a coworker excitedly explained Bitcoin to me and said that "someday the mining difficulty will be so high that it'll be more profitable to mine the keys protecting wallets than to mine new bitcoins". I don't think anyone could have thought far enough ahead to understand how much more trivial it would be than that.

All those consumer gpus in now-illegal Chinese crypto farms are probably hard at work mining for keys. What else are you going to do with them?

> these numbers radically come down when a determined adversary also has other large-scale computational assets at their disposal, such as a bitcoin mining operation that can coordinate the password-cracking activity across multiple powerful systems simultaneously.

Yeah, and the best part is they already paid for the cards and can't use them for mining anymore because they're on their last leg and have been surpassed by newer generations of hardware. I'd bet a lot of the operations that got stinking rich five years ago are absolutely swimming in cards that they'd otherwise just be paying to get rid of. The ROI must be incredible, it's probably just a few hours to crack a key and you get to do a Storage Wars-style walkthrough of the secrets some poor LastPass user thought would be secure.


> All those consumer gpus in now-illegal Chinese crypto farms are probably hard at work mining for keys. What else are you going to do with them?

No, they're still mining Bitcoin. There's absolutely no way to crack secp256k1 keys with even a datacenter GPU. We're firmly in the realm of quantum computers if you expect to crack anything before the heat death of the universe.


> There's absolutely no way to crack secp256k1 keys with even a datacenter GPU

That's not what the article is implying is happening.

> “An Nvidia 3090 can do roughly 4 million [password guesses] per second with 1000 iterations, but that would go down to 8 thousand per second with 500,000 iterations, which is why iteration count matters so much,” Weaver said. “So a combination of ‘not THAT strong of a password’ and ‘old vault’ and ‘low iteration count’ would make it theoretically crackable but real work, but the work is worth it given the targets.”


I think the signals got crossed here, they aren't cracking public key cryptography as noted by GP, they are cracking password hashes.

You can find a lot of Hashcat benchmarks online giving you a rough idea of what current consumer hardware can do against argon2 or bcrypt:

https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb4...


First off, GPUs haven't been used for mining Bitcoin for about a decade.

There has been a lot of work being done to crack brainwallets, also there are a number of leaked/hacked/shared wallets that people are working on cracking. There have also been a number of wallets generated with weak RNGs which get cracked, vulgarity wallets etc, and of course, the LastPass vaults as described in the article.


> All those consumer gpus in now-illegal Chinese crypto farms are probably hard at work mining for keys. What else are you going to do with them?

Seems like quite the leapfrog there without substantive evidence, unless in today's America you can simply short circuit as long as there's 'Chinese' somewhere in there.


The crypto farms are illegal due to a change in Chinese law. I'd wager it's mentioned because China had the largest set of mining on the planet before the CCP outlawed it. The most likely thing to happen to all of that GPU hardware would be to either dump it as used stock, which a lot of it has been, or to repurpose them. The only things to repurpose them to would be hacking or AI/BOINC/etc.


Or because it was a major news story when China banned Bitcoin mining in 2021 and the hash rate dropped 50%? Where do you think 50% of the global Bitcoin hash rate went almost overnight?


> What else are you going to do with them?

They were sold, sometimes as new by unscrupulous vendors. Mining graphics cards flooding the market was a huge problem a few years ago.


Some were. Surely not all of them.


They broke my trust multiple times across my ~9 yrs as a customer. They failed to use enough iterations, they failed to update my vault to the right number of iterations when they discovered the flaw, they failed to keep the weak vault safe.

This spring I spent a good 2-3 days pruning old accounts, I used 1Password's migration tool (which worked flawlessly)[1], and changed every password that had any monetary or identity value. I've definitely been targeted for attacks in the ensuing months as numbers keep texting "Hi <name>" or other kinds of (spear) phishing.

At this point I don't really know how to protect myself and think it's mostly 2-factor that's kept me safe.

[1]: https://support.1password.com/import-lastpass/


>...it would take a single GPU about a year to crack a password of average complexity with 500 iterations, and about 10 years to crack the same password run through 5,000 iterations.

>However, these numbers radically come down when a determined adversary also has other large-scale computational assets at their disposal, such as a bitcoin mining operation that can coordinate the password-cracking activity across multiple powerful systems simultaneously.

Wow. I'll bet Satoshi didn't consider this second order effect of the proof of work scheme. People who build energy intensive mining operations have the means and incentive to turn their mining operations on existing accounts when that becomes more lucrative than creating new blocks.


Pretty sure Bitcoin mining has been ASIC dominated for ~8 years now. Maybe you could point at Eth which only just recently moved away from being GPU heavy.


If LastPass happened to use the exact same primitive as bitcoin this ASIC hardware could still be used. Not sure if the case.


Bitcoin's primitive is sha256(sha256(x)). There's zero reason anyone would ever use a funky construction like that for password hashing.


Furthermore, mining ASICs bake in assumptions about the structure of x as an optimization. I'm not sure they can even be used to hash arbitrary values of x.


I can see it now: a developer copying Bitcoin code into his authentication library because "Bitcoin is secure"


Is cracking a sha256(x) the same runtime as sha256(sha256(sha256(sha256((x)))))? I remember the first time I saw bitcoin's double use of sha256 like this, and I was confused as to whether there is a security benefit to this.


Why oh why haven't they pushed an update that made it easy to identify and change passwords that were leaked. They have the feature to identify weak or compromised passwords ALREADY.

Instead a user still has to create a folder for compromised secrets, change them and move them out of the folder one by one. Best of all, users would hit a bug where moving entries to/from shared folders would destroy the entry.

Edit: at least let the user (or enterprise admin) mark a vault as compromised. Must have been an absolute nightmare to get corp users to rotate their passwords.


Sounds like they're banking on uneducated users not finding out about the breach and continuing to pay them - although I don't use the product, so I'm not 100% on that.


I personally know someone who lost approx 300k to this. It was across tons of addresses on a hot wallet and not his main holdings.

However after some verification there was simply no other answer other than the fact that he did indeed have that seed on LastPass.


Do you know/can you share any info about how weak that person's password was? So people have an idea what to expect in terms of what can/has been cracked.


If I were you I'd just assume it'll all be cracked eventually and change all your passwords if you used LastPass.


Thanks but this wasn't intended for myself.


I know that 1password has a far better track record than LastPass, but this is an argument against their removing local vaults and not offering on-premise storage.


Yeah. I’ve been a loyal 1P customer forever. Still annoyed about the move to cloud vaults and making it really obnoxious to try and use locally.

At this point, I think it’s just a matter of time before they suffer their own breach for some reason or another.


I'd trust a (trustworthy) password manager with most things, but I think wallet keys or similar are more of a post it note in a locked safe kind of thing (+ committing it to memory). Maybe a passworded encrypted flash drive in a hole in a tree stump somewhere as a second backup in case my house burns down.


I agree. Crypto currency private keys are something that is better stored offline instead of online. I'm comfortable storing my online banking password in an online password manager as I know even if these credentials are leaked, there are still anti-fraud department and maybe insurance protecting my money in the bank. But with crypto currency private keys? If they are leaked, those crypto currency would just be gone without any way to do a "stop payment" or something.


I wonder what insurance would cost per year per Bitcoin in order to be viable?


This is why I simply don't understand the modern approach in password requirements, while yes, it is simply too easy to crack a password if it's somewhat simplistic.

I've been on websites where they force you to update your password every X months (and it has a lot of special key requirements) and you cannot reuse old passwords (which would really not be a problem regarding cracking... unless they store your old passwords... which is counter productive...)

It basically turns into being unable to memorize all your passwords and being forced to use a service like this, which OBVIOUSLY any genius knows eventually will get hacked and your passwords leaked, ALL your passwords, at the same time.

If you instead attempt to memorize (like I do) because of all the different cases in which you have to swap passwords, you end up with at least 20 passwords you gotta memorize for every site...

I actually absolutely hate how the web works today especially regarding logging in.


The rotation requirement is possibly misguided but does solve the problem where the passwords were leaked months ago. If everybody affected had rotated passwords three months later, this problem wouldn't even exist today.

Old leaks often show up a long time later. A lot of people had yahoo? email accounts hacked because they used the same linkedin? password, but the leak was from years prior. If yahoo had required rotation, the password list would have been useless by the time it circulated.


How would you enforce mandatory password rotation for wallet seed phrases, though? That kind of defeats the purpose of a cold wallet.


How is LastPass even still in business? I have technical colleagues who still use them, even after years of breaches.

I suppose momentum is much more important than I thought.


There are large companies out there (example: Orbia) who explicitly recommend ONLY using LastPass as a password manager to their employees "for security".


LastPass will remain dominant until someone else with similar functionality offers a free tier. 1Password is similar functionality, but you have to subscribe after 14 days and that drives a lot of people away even if they can afford it. And so LastPass has most of the mind share, and thus most of the sales.


Bitwarden has been offering similar features with a very generous free tier for years now.


Speaking of the Rise and Fall of password managers, Bitwarden has served me well for years but lately it has started to get really slow for my friends and me. Is there a newer cooler kid on the block?



Vendor lock-in.


Lastpass has been sketch for years but AOL was still making money thanks to those CDs and email addresses last I checked. My chase card also recommends lastpass in their app’s shopping section.


Is it because these people didn’t know about the breach or just didn’t update their passwords?

I mean I understand not immediately changing the password for some online fan fiction forum, but I’d assume you’d at least put changing your password for your dozen or so important financial/email/health accounts on your todo list?


Changing your password wouldn't help in this case. They used lastpass to store their crypto wallet seed phrase - this can't be changed. They would have to move to a new wallet and pay transfer fees in the process.


Yeah I guess some people also don’t want to go through the hassle or cost to change the locks on their actual homes when their keys are compromised/move into a new home


Considering it cost me $750 to rekey all my locks and now one can duplicate keys from just an image, I don't think I would rekey all my locks every time my key is visible in public (which one should consider compromised).


Shouldn't moving to a new wallet be as easy as buying a taco?


People don't know and don't know to care. People think it's enough to disclose breaches, to send an email, whatever, and other people happily go about recommending password managers as some kind of magic silver bullet, but if you're not tech savvy, and if you're not security savvy, you're honestly no better off.


Most non-technical users of LastPass probably aren't even aware of the breach(es). LastPass was not exactly clear about the breadth of the impact. All their announcements were obfuscatory emails during the holidays.


Maybe we should store our credentials on fully publicly accessible network using an enormous key. This way, at least there is no surprise when a breach occurs and it isn't necessary to trust dummies like LastPass to have good practices - only trust yourself and the quality of your key. The good guys can let people know if their key sucks and there might be some auditing of the bad guys. Eventually the bad guys will stop bothering since they won't be able to crack anything (with current technology).


What I do is use zx2c4 pass ( https://www.passwordstore.org/ ) where every password is encrypted by several gpg public keys, of which the secret ones are stored on several Yubikeys in openpgp mode.

This way there is no "master password". You need one of the keys and its PIN even if you have the encrypted passwords. Anyone with access to the encrypted files would need to brute force a truly random RSA2048 key which is NSA territory (and elliptic key can also be used now). Or steal one of the yubis and crack the hardware because the PIN is limited to 3 attempts just like on a bank card. Or attack the endpoint which is feasible with any password manager, in fact mine has extra protection because the yubis require a touch for every decode.

Clients are available on desktops (CLI and with GUI) and Android. iOS is sadly not possible because you need more access to the NFC chip to talk to OpenPGP smartcards than Apple allows. They only allow fido2 and basic tags. I wonder if this could be done with fido2 hardware backing but for now it's not possible.

This attack in the article uses the fact that the encryption key is directly derived from the master password using a key derivation algorithm. I'm surprised there is no commercial password vault that uses hardware-backed security like I do because it doesn't have this vulnerability which is clearly an issue in the real world.

With hardware backing there is no delicate balance between usability (waiting for the master password to go through the key derivation) and security (a feasible brute force attack) because these two items aren't directly related. This kind of breach shouldn't have happened.


>> Anyone with access to the encrypted files would need to brute force a truly random RSA2048 key which is NSA territory (and elliptic key can also be used now).

I'm thinking the canonical example of an open network is Bitcoin. Here, everyone knows the public key and could potentially crack the private key from it (for enormous gain obviously). Just do the same thing with a sufficiently large AES key for example.


Where’d you store that key securely, though? It’s passwords all the way down (unless you use smartcards or tokens).


I think if I had one key as the root to all others (just like LastPass basically), it could be manageable.


Practically, how would you do it? Memorable passwords unfortunately have really low entropy.


Today’s acceptable key is tomorrow's weak key.

Access controls to the vault do place a high burden on the service operator, but without it, I believe users with semi-weak passwords would get picked off left and right.


You would have to disallow weak passwords. It should be at least as cryptographically hard to crack as (the also fully public) Bitcoin network. Also, turn the bad guys into good ones by offering a reward for any cracked credentials (if the credentials are not used within a particular period of time). Seed the system with fake credentials that can be used by authorities to track down criminals (if used of course). Essentially, build a game with the right incentives.


> You would have to disallow weak passwords.

That's unfortunately very hard: Determining what constitutes a weak password is computationally more expensive than actually attacking a database dump of many weak password hashes.

> turn the bad guys into good ones by offering a reward for any cracked credentials

What bad guy would take your reward if it's lower than the value at risk? And if the reward is higher – how would you fund that?

> Seed the system with fake credentials that can be used by authorities to track down criminals

How? This might work for online account takeovers, but not for the problem discussed in the article, i.e. compromised crypto wallets.

Hash cracking doesn't leave a fingerprint.


Is there a simple way to download the portion of the data that was breached for just our own account?

I've switched providers and deleted my LastPass account after this last breach but getting to see that would make it a lot easier to understand risks.


Unfortunately I think you might have some work to do: it might be a good idea to change all your passwords stored in LastPass up until last year, and I'd suggest changing passwords for high-value and financial sites ASAP. I still have low-priority sites to migrate myself, this article is a nice reminder.

Anyone please correct me if there have been updates here:

In August-October 2022, attackers obtained, among other things, backup files containing LastPass users' vaults. I don't think the company mentioned what timeframe the backups covered, or whether this contained vaults from users who already deleted their accounts.

A vault file contains both plaintext and encrypted information. The Secure Notes function which might be used for, say, crypto seed phrases, was encrypted. Passwords are encrypted. However the URLs for those passwords are in plaintext, possibly along with last-access time. Someone with your vault can see what sites you have passwords for, before even trying to crack the password. Not great for anyone but especially for high-value targets or for those who are in politically-hostile environments.

Since attackers took the files from the source, it does not matter whether you had 2FA (edit: 2FA on LastPass that is. 2FA, with secret outside of LastPass, for sites in your vault is very beneficial here!). They can throw a bunch of GPUs at cracking our master passwords offline. There's nothing we can do; the horses have left the barn or rather were abducted by a UFO.

One other thing that affects mostly older accounts is that while modern best practice is to use 600k+ password hash iterations, some users had far smaller numbers, like 5000, or 500, or 100. Or even 1. Not joking. LastPass could have upgraded users on login for years--I believe they do now, but that has no benefit to the compromised data.

[1] is an article on what might have happened: engineer with high-level credentials logged on from a home machine that was compromised from an old version of maybe-Plex (which fixed the relevant vulnerability long before). And of course the company had security practices that allow engineers to access the kit and caboodle of user vaults from their home machines, even if indirectly. In the end it seems this was caught due to Amazon's automated warnings around certain IAM change actions.

ETA: I do appreciate the difficulty of guarding high-value data against determined adversaries. I also wish LastPass would have been more forthcoming as to the details here; to my knowledge they haven't provided exact details on what was taken, or suggested users change passwords in vaults as of October of last year. Is this still correct?

[1] https://arstechnica.com/information-technology/2023/02/lastp...


I mean, duh? Anything that gets breached and leaked will obviously end up in various lists, and has always been doing so.

> In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

> longtime cryptocurrency investors, and security-minded individuals

I'm not sure how "security-minded" you are if you, months after a breach of your password manager, still haven't changed all the involved passwords and keys, especially those involving things worth a lot of money!


I thought about that also, and then one of the victims I talked to brought up a good point. An 8 character password with symbols and numbers doesn't sound like a great password today, but many of the accounts getting drained were tied to people who were very early LastPass users, and mostly longtime investors. Back then, affordable GPUs that can do 4 million hash cracking attempts per second weren't really a thing.

What I found was a lot of people made security assumptions and never revisited those assumptions. Or never fully did.


> What I found was a lot of people made security assumptions and never revisited those assumptions. Or never fully did.

I appreciate that KeePassXC has a feature to audit your passwords (Database -> Database Reports -> Health Check), which tells you which of your passwords are weak / should be changed.

https://keepassxc.org/blog/2020-08-15-keepassxc-password-hea... for more details (the threshold for "good" has since been bumped from 65 -> 75). The score corresponds to bits of entropy, with penalties for things like password reuse.

(It also has HIBP integration if you want to perform a one-off check that none of your important passwords have been compromised.)


Underrated feature, really. And most folks don't even know it's there. It also shows your health level on each password entry in the normal vault lists as a color square and when you open your entry as a colored line.


Doesn’t LastPass have this as well?


Seems like it (the "Security Dashboard"). In fact, it looks like it uses the same standard library for calculating entropy (zxcvbn). I didn't know offhand, since I've never used LastPass.

My point is that if your password manager allows you to readily identify which of your passwords are insecure / have been compromised, that's a very useful tool to revisit any previous security assumptions you may have had.


If that feature were to be implemented truthfully, it would have to report “go and change all of these; we were compromised and your master password was probably not secure enough” (i.e. based on the master password’s strength in addition to that of stored passwords).


That was the issue with LP never upping the number of PBKDF iterations.

BUT… this never mattered if you used a strong master pass phrase.

8 hasn’t been the recommendation in quite a long time.

I pushed Lastpass to my company in 2017, made everyone use 24 char.

The LP hack was bad, but I wasn’t worried for any of our people.


> I pushed Lastpass to my company in 2017, made everyone use 24 char.

Do people actually memorize that?! If so, I strongly suspect that these pass phrases have much less entropy than 24 truly random characters would allow.


Incorrect.

I trained people for 5 word pass phrases with no BS.

They were free to spice them up if they like. In 6 years I have had zero password reset requests.


Five English words have an entropy of about 55 bits [1]. "Spicing them up" probably adds a handful more, but not much.

That's about as much as a 12-character truly random case-insensitive alphanumeric password without special characters (log2(36^12) = 62).

> In 6 years I have had zero password reset requests.

What do you mean by that? This can mean that either your scheme is secure, or that nobody has ever attacked it (or you haven't found out that it did happen).

[1] https://crypto.stackexchange.com/questions/62597/calculating...
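Added example (mine, not the article's or any commenter's code) that carries the thread's cracking arithmetic through: it applies Weaver's quoted 3090 rate and the entropy figures from this sub-thread to estimate single-GPU crack times and the farm size needed to finish in a day, and times PBKDF2-HMAC-SHA256 locally to show the iteration-count scaling. The base rate, the 2048-word list and the linear cost model are assumptions.

```python
"""Worked estimate of the offline vault-cracking arithmetic discussed in this thread.

Added example, not code from the article or any commenter. Constructed assumptions:
  * A single RTX 3090 manages ~4,000,000 PBKDF2 guesses/s at 1,000 iterations
    (Weaver's figure quoted above); per-guess cost is linear in the iteration
    count, so the model is rate = base * 1000 / iterations.
  * Entropy figures from the passphrase sub-thread: five random words from an
    assumed ~2048-word list (~55 bits) and 12 random case-insensitive
    alphanumerics (log2(36^12) ~ 62 bits).
"""
import hashlib
import math
import time

GUESSES_PER_SEC_AT_1000_ITERS = 4_000_000   # quoted single-3090 figure (assumed baseline)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def guesses_per_second(iterations: int, gpus: int = 1,
                       base: float = GUESSES_PER_SEC_AT_1000_ITERS) -> float:
    """Guess rate against a PBKDF2-protected vault; inversely proportional to iterations."""
    if iterations < 1:
        raise ValueError("iteration count must be >= 1")
    return base * 1000 / iterations * gpus


def entropy_bits_random(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string, e.g. log2(36^12) for 12 alphanumerics."""
    return length * math.log2(alphabet_size)


def entropy_bits_words(wordlist_size: int, words: int) -> float:
    """Entropy of a passphrase of `words` words drawn uniformly from the list."""
    return words * math.log2(wordlist_size)


def expected_crack_seconds(entropy_bits: float, iterations: int, gpus: int = 1) -> float:
    """Expected time to find the password: on average half the keyspace is searched."""
    keyspace = 2.0 ** entropy_bits
    return keyspace / 2 / guesses_per_second(iterations, gpus)


def gpus_needed(entropy_bits: float, iterations: int, target_seconds: float) -> int:
    """How many 3090-class GPUs a farm needs to expect success within target_seconds."""
    one_gpu = expected_crack_seconds(entropy_bits, iterations, gpus=1)
    return max(1, math.ceil(one_gpu / target_seconds))


def time_pbkdf2(iterations: int) -> float:
    """Time one PBKDF2-HMAC-SHA256 derivation locally (single CPU thread).

    The per-guess cost grows linearly with the iteration count, which is exactly
    what drives the attacker's guess rate down in the model above."""
    password = b"correct horse battery staple"   # constructed sample input
    salt = b"constructed-salt"                   # constructed sample salt
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return time.perf_counter() - start


if __name__ == "__main__":
    cases = (
        ("8 printable", entropy_bits_random(95, 8)),    # the "8 chars + symbols" vault
        ("5 words", entropy_bits_words(2048, 5)),       # ~55 bits
        ("12 alnum", entropy_bits_random(36, 12)),      # ~62 bits
    )
    print(f"{'bits':>6} {'iters':>8} {'1 GPU (years)':>14} {'GPUs for 1 day':>15}")
    for label, bits in cases:
        for iters in (1, 500, 5_000, 100_000, 500_000):
            years = expected_crack_seconds(bits, iters) / SECONDS_PER_YEAR
            farm = gpus_needed(bits, iters, 24 * 3600)
            print(f"{bits:6.1f} {iters:8d} {years:14.2e} {farm:15,d}  ({label})")
    for iters in (1_000, 10_000, 100_000):
        print(f"local PBKDF2-SHA256 x{iters}: {time_pbkdf2(iters) * 1000:.1f} ms per guess")
```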


Depends if you are counting correct and common English words. But yea it’s close to about 12 char anything you can hit on a keyboard entirely random. I figured 3e23 vs 4e23, you know “close” ;)

Now… get 80 people to remember a 12 char randoms.

No resets means no one has forgotten their pass phrase. I can not be just explaining passphrases to you now.

But also, spicing a pass phrase up is huge and not just a few bits more entropy. You go from 24 chars that are 5 word options to 24 char almost completely random again.


Honestly, if this is truly the case, LastPass is partially to blame here.

Sure, there's nothing in the TOS contractually obligating them to do this - but starting a low level awareness campaign to warn people with passwords that haven't changed in years about this risk seems like an easy thing to do that a (in keeping with the theme) "security minded" company should be enthusiastic about doing.

You can't nanny everyone, but surely if you're paying for a password manager you'd appreciate these kinds of notices.


They did have something like that back when I used it. It would tell you repeated passwords, passwords that have appeared in leaks, weak passwords, etc


> but starting a low level awareness campaign to warn people with passwords that haven't changed in years about this risk seems like an easy thing to do that

Rate of change seems like a very poor signal compared to absolute password strength, which won't change over time. Isn't this already built into lastpass?


Ah, I was talking about OPs comment - it wasn't that passwords weren't changed often - it's that they were created a long time ago when that particular length/complexity was thought to be enough.


I see what you're saying, but 8 characters was also considered not enough 20 years ago. Naturally it takes a long time for good practices to propagate but


I seem to remember 8 character passwords was also considered weak back when bitcoin was first launched, but i could be wrong.


LastPass was founded in 2008, and an 8 character master password was clearly inadvisable back then, as it was already in the nation-state-can-crack-it territory, and computing power was rising rapidly.

I started using 1Password in ~2010, not long after the founding of LastPass, and my first master password was 30+ characters, 90+ bits of entropy. After a few years I upgraded to 50+ characters, 140+ bits of entropy. Good luck cracking that even if only one round of PBKDF2 is used.

But I suppose you have a fairly loose definition of "security-minded".


One malicious JS script being inserted on the page where you enter your master password.

One supply chain attack.

One upstream dependency.

One contractor clicking one wrong button in an office document.

Your entire digital life compromised, in that one click.


I totally agree that password managers lead to bad security practices. Yeah, you're a mad dog for easily generating different complex passwords for every website, but at the same time you paint a massive target on your head being part of the honey-hole.

Based on history, if you store a password in an obfuscated location on your computer, and you copy and paste it into every website, it's more secure than using a password manager in my opinion. Sure you won't be able to login to every secure website from every device you have; but SHOULD you be? What is the price of that convenience?


I don't know how your comment is in any way related to mine, as I was responding to the claim that 8-character master passwords were considered safe <some time in or after 2008>. TFA also doesn't mention any evidence of keylogging.


> longtime cryptocurrency investors, and security-minded individuals

I'm not sure how "security-minded" you are if you used a centralized, network-accessible password manager service in the first place.

Actual security minded folks keep their password vault on an air gapped machine they maintain full, physical control over.

The kind of people who use centralized, networked password managers are, by definition, those who prioritize convenience over security in the first place.

Sure, using something like LastPass is better than just saving all of your passwords in your browser, or just using one password everywhere.

Citing this as evidence someone is security-minded is like saying someone is environmentally conscious because they recycle aluminum cans, despite driving a Hummer H2 and burning the rest of their trash.

Is it better than nothing? Absolutely. Does it make them an environmentalist/security-conscious person on its own? No. Does it make up for the other shortcomings in strategy? Nowhere remotely close.

It's a half-assed baby step for people who want to LARP as being serious about their goal (environmentalism or security), without the slightest ounce of inconvenience to their otherwise completely polluting/insecure habits.

Keep driving your H2 and telling yourself you're environmentally friendly.

Keep using your PMaaS (password manager as a service) and telling yourself you care about security.


What do passwords do on an airgapped system?

Being serious - if the system is already not able to get anywhere, nobody needs to authenticate on it or with it. If you have passwords there, they don't _do_ anything.

I'm pretty security minded - the word "security" is in my job role - but my password vault is in Google Drive. I need to have it on many machines, and I want it to be backed up. I know my limits - I don't have the hardware and software infra and expertise that Google does - so I trust them with that data. Could it bite me? Yes, but it would require someone a) downloading my passwords file and b) decrypting it. That's enough steps that I'm confident that I'm safe enough.


> What do passwords do on an airgapped system?

Get read and re-entered by exactly 1 person, the only person who's authorized to read them.

Oh, sorry, you wanted to copy and paste because you didn't think twice about the security of your clipboard, whether other userland programs are reading your memory? My bad.

> I'm pretty security minded - the word "security" is in my job role - but my password vault is in Google Drive.

I'm on a corporate red team. People like you with your mindset are why I have a job and why big breaches of F500's that "care about security" will always keep happening.

You don't prioritize security, you prioritize convenience, and security is a nice add-on to your convenience.

By all means, please continue doing things exactly as you do - my bank account and I will forever be grateful for folks like yourself. Never stop prioritizing your absolute convenience!


> Oh, sorry, you wanted to copy and paste because you didn't think twice about the security of your clipboard, whether other userland programs are reading your memory? My bad.

What do you do about keyloggers?

> People like you with your mindset are why I have a job and why big breaches of F500's that "care about security" will always keep happening.

And attitudes like this are what sours the relationship of regular users (who are not opposed to security but don’t consider achieving it their main objective) and the security/IT/… team of their company.

Provide users an actionable, practicable alternative to their existing insecure practice, or you haven't solved any problem. Ridiculing or belittling your user base doesn't help either.


Sorry, maybe I misstated.

This is a PERSONAL store. Not a corporate store. If this gets busted, I’m out a lot of money, but my company is very safe.

If you have expertise here, I’d be very interested. What is your backup and restore solution? How do you guarantee that your files are safe?

I’m still not sure that we’re using the same definition of “air-gapped” here. From my experience, an air-gapped system is one that is entirely off the network. Like you said, one user, but the system is gapped because there is something dangerous on it. Air-gapped systems are used for research. The user should always have root privileges (they can’t mess anything up too badly, and if they do, image the machine or dispose of it in a fire or whatever) so… again, why passwords? What do they do? What do they protect?


> .. why passwords? What do they do? What do they protect?

They protect data/accounts on other machines. Similar to a piece of paper you'd write a password on but probably with added encryption, which would be difficult on paper.

Want to sign into account XY on the internet connected machine? Just look up the password (which might be a hard to remember sequence of characters) on the air gapped password machine.


Passwords on an airgapped system stay there where you type them across from that one to another one when you want to authenticate to something. Which, in this model, I suppose you have to do a lot, since obviously no one really security-minded would save a password in a browser. So I hope that airgapped machine isn't too heavy or can't run on batteries.


Password managers don't need gigabytes of memory, terabytes of storage, and a big, power-hungry x86 CPU. An air gapped machine doesn't necessarily imply a server, a desktop, or even a laptop.

Check out the mooltipass, onlykey, beamu, etc. There exist many such devices - some better than others. Note that this isn't an endorsement of the mentioned products, I just mention them as examples. Note also that not all of these devices constitute a true air-gap, though such devices which can display passwords without any kind of connection (be it bluetooth, usb, etc) can still meet that criteria.


Any password managers with centrally stored databases run the risk of this kind of compromise, no matter how many levels of encryption the companies have promised. The central database is just a big target.


"Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals."

Apparently this was said without laughing out loud, unlike my reading of it.


Any security-minded crypto investors would put the cryptos in an offline wallet, with portions of the passphrase written in different papers stored in different safes.


So every time you want to "invest" you have to gather this incredibly inconvenient password? Maybe I misunderstand how it works.


You invest by HOLD. If you trade with exchanges, that's just speculating. Also not your key not your coins. The money will be lost eventually with rug pulls, scams, or hacks anyway. Password being compromised is the least of the worries.

Offline wallet making it slow and difficult to transact is a feature, less chance to be scammed.


LastPass is such utter trash.


Among their many failures, I am still shocked that the notes section for each password was not encrypted. All kinds of assumed-safe info will be in there from secret question answers to former passwords and account numbers. What fool of a project manager pushed for that?


I don’t recommend lastpass but notes were encrypted. This stemmed from an original miscommunication from a CS rep to a customer before it blew up but was later corrected.

Independently verified because we can’t take Lastpass at their word: https://www.reddit.com/r/Lastpass/comments/zzz5x4/notes_are_...


That was my understanding as well, but there were definitely unencrypted portions like URL. I assume for sharing purposes.


Yeah you’re right, URL was unencrypted along with some others.

Doesn’t seem critical if we’re talking Facebook and twitter but becomes problematic with human rights orgs and the like.

The justification was that it was used to match login fields against vault items. I’m no crypto expert but it seemed flimsy to me


> we need that extra 300msec of speed, Jim! Web metrics are all that matter!!!!11one


I agree. I’m looking for a better alternative. Been putting it off, any recommendations?


I'm using KeePass with Syncthing which is really great (both on Android and PC), but I need something that can properly auto-fill forms.

Lastpass wasn't great at doing this automatically, but KeePass cannot do this automatically at all.

Any recommendations?


I run the Kee extension/plugin for autofilling with KeePass, works without issue in firefox (I have tried briefly in chrome and it seems okay there too, haven't used it nearly as much though).


Been loving 1Password. If your work has 1Password Enterprise, you can get a free separate personal account.


That is true for most services now, including Lastpass and BW (iirc).


Depends on your requirements but 1Password and BitWarden are decent.


BitWarden works ok. I run the Rust reimplementation of the server on a LAN with no incoming port forwards.

The main problem is that I can’t add or edit passwords when I am not home.

I’d love another, similar, open source solution that used a crdt to merge offline database edits.


The warning that displays when bringing up a JavaScript console on their homepage was always enough to steer me clear of that product.

Stop!

reqaccts_js_bundle_jquery_3_6_1?1693888551:2732 This is a feature for developers and researchers! If you are not a developer or researcher, pasting something here could cause your account to be compromised


Why? A password manager's web site would be a natural place I'd expect people to fall prey to self-xss attacks. That they had such a warning there feels appropriate, and likely to be the result of actual attacks against users that they'd seen.


That feels sensible to me. Facebook (used to?) do similar.

The risk here is different but you could imagine someone trying to migrate password managers and pasting a script they found on GitHub that purported to help.


I've always said over and over that password managers are a bad idea and kept getting down-voted each time. It centralizes the risk as it creates a large target for hackers to focus on. A good alternative is to use rules-based passwords; each website/app has a different password based on a common non-obvious rule which depends on the website, app or company you're using.


You realize that if one password leaks, then the attacker learns the rule, and the rule can be used to get anything else? You haven't really made any improvements over standard shitty passwords. The passwords are different, but that doesn't matter.

The legendary researcher Dan Kaminsky had a hash of his password leak when some hacker forum got breached. Turns out the name of the forum was in the password, and by changing that, his password to his twitter, his blog, and his VPS with all his servers were all using the same pattern. It was a bad day for him.


That's why the rule needs to be non-obvious. The rule must be a secret in itself and there is no way that a hacker would figure out the rule from just a single or a couple of passwords.

For example, if I give you a sequence of 2 points, there are an infinite number of functions which could pass through these two points. A hacker who knows 2 numbers would not be able to figure out the other points unless they know the function.

Actually it's weird (to the point of being suspicious) why none of the password managers I know of use this principle for generating passwords from a single master password; then they wouldn't even need to store any of peoples' passwords at all. You wouldn't need password manager companies since it could be implemented as a purely front-end component (e.g. a standalone Chrome extension which doesn't connect to any server). The user would only have to remember a single master password.

You can basically do this using hmac-sha256 hashes to produce an infinite number of new hashes from a single secret seed and it's impossible to figure out hashes based on their sibling hashes and also impossible to figure out the secret seed (preimage) from any hash.


I tried that but it's just really hard to keep up over time -- e.g. I used a rule based on the domain name but domain names change somewhat often. Toss in things like "ugh, which of my three emails did I use on this site" or "which high school teacher did I say was my favorite for this site" and it ends up being a big hairy mess that screams for an encrypted place to stick my notes.

Also, what I consider "non obvious" isn't that non-obvious. Given enough of a sample size, a committed attacker can guess a lot of rules. And if the prize (a crypto wallet) is big enough, they might be motivated enough to give it a go.


Also when there's a breach and you need to change your password, you have to make an exception to your rule. And remember it for that specific site.


If the domain name, company name or whatever changes, you can change your password too. Also, it doesn't have to be domain names though.


By rule, do you mean something like PW = PBKDF2(TLD || master_password), or something like “mysecurepw!amaz0n”? I see the latter a lot, and it makes me quite nervous – it seems quite pattern/AI-iteratable.
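A minimal version of the derived-password scheme sketched a few comments up (HMAC-SHA256 of a site label under a single secret) combined with the PBKDF2 stretching this question asks about, written as an added example rather than code from anyone in the thread. The site label format, the rotation counter, the alphabet and the sample inputs are assumptions; the counter is there because the thread points out that a breach forces an exception to the rule.

```python
import hashlib
import hmac
import string

# Password alphabet (assumption): letters, digits and a few symbols most sites accept.
ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@"


def stretch_master(master_password: str, user_id: str, rounds: int = 600_000) -> bytes:
    """Slow the master password down with PBKDF2-HMAC-SHA256.

    user_id (e.g. the e-mail the user always signs up with) is the salt, so it is
    the one extra value that must be remembered alongside the master password.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), user_id.encode(), rounds, dklen=32
    )


def derive_site_password(stretched: bytes, site: str, counter: int = 1, length: int = 20) -> str:
    """Per-site password = encode(HMAC-SHA256(stretched_key, site || 0x00 || counter)).

    `site` is the canonical site name (here the registrable domain); `counter` is
    bumped when that one site's password must be rotated after a breach. Knowing a
    derived password does not reveal the key, but anyone holding `stretched`
    reproduces every password, which is the centralisation the thread warns about.
    """
    label = f"{site}\x00{counter}".encode()
    digest = hmac.new(stretched, label, hashlib.sha256).digest()
    # Treat the 256-bit digest as one integer and peel off alphabet indices; with
    # 70**20 < 2**123 the bias from this mapping is negligible.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not anyone's real credentials.
    key = stretch_master("correct horse battery staple", "alice@example.com")
    for site, counter in (("example.com", 1), ("example.com", 2), ("example.org", 1)):
        print(f"{site} (rotation {counter}): {derive_site_password(key, site, counter)}")
```

Site-specific composition rules (must contain a digit, maximum length, banned symbols) are the part this scheme cannot absorb cleanly, which is why the thread's practitioners still end up with a note store of exceptions.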


I have used that "insecure" system for 20 years. However, over the time I added several additional obfuscation levels, especially for accounts with monetary value. And then there are of course site password rules that force me to use various variations to my scheme. Additionally I use a different email address for every account. Those with monetary value are not predictable.

Of course all this became unmemorizable for less frequently used accounts over the years. So I had to use a password manager. However, I store only the rule/hint to generate the email address and password, not the data itself.

Could a dedicated hacker with a keylogger learn my scheme? Absolutely yes. Am I afraid of any automated attack? No. I guess the keylogger is the real threat here. Once I am infected with that, the dedicated hacker can save their effort to learn my schemes. (Where I use keylogger in a wide sense, covering accessing your clipboard / browser input fields.)



