Submitted by BasedSweet t3_10z1kx5 in technology
mrDragon616 t1_j85fdig wrote
Reply to comment by jmpalermo in Millions of passwords stolen from LastPass earlier than company disclosed: Report by BasedSweet
Wouldn't that be the same as a hash password? Or wouldn't it be better if everything was hashed as opposed to it being encrypted by it's master password?
jmpalermo t1_j85g5cn wrote
Hashed passwords are only useful for verifying somebody has the password. So if you are a website, you store only a users password hash, then when they try to sign in, you hash the password they’re logging in with to verify it matches.
You can’t reverse a hash back into the original password though.
So for you to be able to retrieve your passwords from LastPass, the password must be stored, not just the hash.
mrDragon616 t1_j85i8aq wrote
Oh ok that makes sense. Thank you!
Viewing a single comment thread. View all comments