LastPass 1Password Security Crypto Challenge + Bounty

[GeekWisdom]

The other day I tweeted a security tip to remind folks not to use real answers to password reset security questions, and suggested they can store their answers in a tool like LastPass. No sooner did I tweet this then I got this response



I had never heard of this #LastPassHack so when I looked up to it - it send me to a hacker news article from Dec 26, 2021, apparently talking about the apparent compromise of users master passwords.

Except - This should be impossible - since LastPass should not be storing in anyway the users Master Password, so this brought into question a service I have been using and storing data in for many years... could they be lying to me?  should i switch to another service like 1password?

To help answer this question, I decided to setup a little crypto bounty.  If you know how to discover the master passwords of a LastPass or 1password account. I invite you to prove this yourself (anonymously)

I setup 2 accounts, one for LastPass and one for 1password. Inside each of them, I stored the backup phrase for 2 wallets. The 1password one is bitcoin, and the LastPass one is Ethereum.

Bitcoin Bounty Balance: https://bitcoinexplorer.org/address/1PKF8K1e1BFsBpkjXEWVoGgCdWuqqCKc5C ( 0.00107999 BTC at the time of deposit)

Ethereum Bounty Balance: https://www.etherchain.org/account/29cea040fAC4839DAc550558d1A88Afe27bb1466 (0.01702 ETH at the time of deposit).

All you have to do is discover the passwords used for either, access the crypto, and then do a withdrawal of the wallet to win the bounty and prove that one or more of these services are indeed leaking master passwords somehow.

The email addresses used for these vaults are:



The password length is the same for both accounts, and both use the same number of numbers and special characters.

Disclaimer - This is not an invite to hack either of these services, but if you do know how to exploit some type of security flaw this is your opportunity to 'put your money where your mouth is'

If you agree with and want to join in, feel free to make additional deposits to the bounty using these QR Codes



Warning: Money deposited here will not be refunded!

[1714661503]

1714661503

[1714661503]

1714661503

[1714661503]

1714661503

[NotATether]

Here is the Hacker News thread about this: https://news.ycombinator.com/item?id=29705957

Somewhere in the replies, it says the logins were due to a vulnerability in the Lastpass extension (autofill specifically), dating from about 5 years ago[1] and has long been fixed and released in an update[2]

The master password is not stored on Lastpass's servers so this becomes a bug bounty for the Lastpass extension, not the servers.


[1]: https://news.ycombinator.com/item?id=12171547
[2]: https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

[hugeblack]

If the purpose of the topic is to know if LastPass/1Password can be hacked, it is better to assume that and therefore do not give a lot of information to such services.
In general, there are two aspects that must be distinguished, the first is privacy and the second is privacy.

If you are not interested in privacy, add a password in your brain, for example, xcvbvv, with the first three word of the service as to Facebook, xcvbvvfab, with the password that is stored in such services, which will provide you with additional protection.

But if you're talking about privacy, it's best to stay away from LastPass/1Password service, assume that it can be hacked and run self-hosted password manager.

[GeekWisdom]

It's more about likelihood and trust in the service - then anything else.

All systems can be hacked, all data online can be stolen, but if the data is encrypted by the service provider using a complex password that only I know, then the time it takes to crack becomes technically unfeasible in a brute force attack (given a sufficient security model)

Neither service should have any knowledge of the master password, both services claim they have no knowledge of the master password. Therefore, if the information is stolen it is because of something I did wrong on my end that gave up the password (eg: phishing etc.)

Yep LastPass has been breached, and perhaps even copies of people's encrypted vaults stolen. Perhaps even some of those were stolen in 2005 such that 16 years later brute force was able to identify at least some of the users who had weak passwords.

It is my assertion that the time it would take to access the accounts created above would take more then my remaining lifetime on earth before the data can be accessed. If I am correct then LastPass/1password is providing the correct transparency and security as stated on the website/terms of service.

If I am incorrect, well then, I guess we shall see.

The question remains just how long will it take for someone to find out the keys

1 day
2 weeks
4 months?
1 year?
10 years?
100 years?

My personal bet is somewhere in the 70+ year range, though who knows what will happen in the next 70 years :-)

[TheBeardedBaby]

Why keeping pass online at all? I would not keep any sensitive data online even in a vault.
Instead of those online services I prefer to use an open source and free software like KeePass.
It's the same master password weak spot as all those other managers out there but I would trust it more as it's offline.
Why would you choose to pay for an insecure online service at all?

[dkbit98]

I setup 2 accounts, one for LastPass and one for 1password. Inside each of them, I stored the backup phrase for 2 wallets. The 1password one is bitcoin, and the LastPass one is Ethereum.

This is not a bad idea, but it would be much better if you offered bigger Bitcoin rewards, that way you would attract more attention and give more incentive and motivation to hackers.

The question remains just how long will it take for someone to find out the keys

It will take less time, more money you offer on this addresses.
Maybe you can send more coins each month to keep interest alive.
I recently saw interview and video by Joe Grand aka Kingpin who hacked Trezor wallet, so maybe you should contact him and heard his opinion about this.

I would not suggest using any of this for keeping your password, even if they can work fine for most people. both LastPass and 1password have their own flaws.
Best thing you can use today for your passwords is probably open source software KeePass.

[NeuroticFish]

Since nobody tells about it, I will. OP, you may want to also take a look/consider Bitwarden. It's free, it's encrypted, its source code is on git. (https://bitwarden.com/, https://github.com/bitwarden)
I think that it even had a review here on bitcointalk, but I cannot find it.
It was recommended here: Do you use a Password Manager? Which one is better?

[GeekWisdom]

This is not a bad idea, but it would be much better if you offered bigger Bitcoin rewards, that way you would attract more attention and give more incentive and motivation to hackers.

Yep I agree, that is why I included QR codes for both bounties, anyone who wants can send to those addresses and increase the bounty.

Presently (and ironically be design), if you win the initial bounties you could use it to pay for a 1 year subscription to each service :-)

[dkbit98]

Presently (and ironically be design), if you win the initial bounties you could use it to pay for a 1 year subscription to each service :-)

Or I could just use something that is open source and works great like KeePass for example, and I can use it for free forever 
But I do appreciate your idea and bounty, so let us know if someone manages to crack it.

[robelneo]

Presently (and ironically be design), if you win the initial bounties you could use it to pay for a 1 year subscription to each service :-)

Or I could just use something that is open source and works great like KeePass for example, and I can use it for free forever 
But I do appreciate your idea and bounty, so let us know if someone manages to crack it.

This is very interesting I'm using Lastpass on some websites I am fully aware of its past issues, they are fixing it and enhancing the security to retain their market shares, they are targeting those who are not tech-savvy because it's very easy to use these password managers.

I don't trust Lastpass so I make it a point to create a confusing password every time I create an account and use a password using LastPass I edited the real password by adding the first and last letter of the site and my favorite set of numbers, so the one showing in the LastPass fill form is very much different from the real password.

We'll see if there's progress on this thread and if this thread can shut down lastpass or 1password business.

[GeekWisdom]

Update 1 : Well as of today both wallet balances remain fully intact.

Update 2 : The receive QRCode/ addressees above for 1password and lastpass were reversed so I fixed it

Update 3 : KeePassXC Bounty added

Several people have recommended KeePassXC - Thanks - I have started using it and it is amazing. In addition to just storing passwords, it also does TOTP (Authenticator) and automatically pushes keys to an SSH-Agent.  

So, in that same spirit I created a new bounty for KeePassXC.

To simulate the 'secure online storage' I have put a KeePassXC wallet on dropbox. The login of the dropbox account is



The password of the dropbox is of the same size, and special characters as the 1password and Lastpass.

In addition, the keypass database is protected with a master keyfile. The keyfile is made up of up to 5 key####.dat all of which are also within the dropbox.  A specific order of the .dat files must be combined to make the master key, and not all of the keyfiles may (or may not be used).

For those who do not wish to attempt to 'hack' dropbox itself you can also grab the jpg image at this torrent - https://archive.org/download/keypass-bounty/keypass-bounty_archive.torrent

Inside that jpg image is a zip file, inside that zipfile is a Truecrypt container (keypass-bounty.img).  The password for the container was created from the GRC Perfect passwords - https://www.grc.com/passwords.htm  - 63 random printable ASCII characters:

Once the truecrypt volume is successfully accessed. The same Keypass database,password and 5 master key files exist as in the dropbox.

Inside the KeePass is 2 recovery phrases - one for a BTC Wallet, one for a BCH (Bitcoin cash) Wallet, and a $20 voucher to tryhackme.com

Unfortunately - I did not have as much bitcoin for this one, you can donate more through this QR Code



Note: If the 1password bounty is not successfully accessed within 1 year (Jan 2023), I will transfer the contents of  that bounty into the KeePassXC bounty (because i don't want to kee paying yearly for a 1password system I am not using)

The bounty balance (BTC) Can be found here : https://www.blockchain.com/btc/address/1ESYzsQzNQHXXpstzMiQB625Aptd7ZMgq4

The bounty balance (BCH) Can be found here: https://www.blockchain.com/bch/address/qpd8x8gu9tuhqqsvg6ft6e43e5h7gl3kgq9ete0sut

Good Luck!


I think this challenge will get very interesting as the price increases for all of these crypto's over the next couple of months  

[dkbit98]

Several people have recommended KeePassXC - Thanks - I have started using it and it is amazing. In addition to just storing passwords, it also does TOTP (Authenticator) and automatically pushes keys to an SSH-Agent.

KeePassXC is truly amazing, you can use it on all possible operating systems, it can work fully portable or as appimage for linux, and there are nice browser extension to improve it.
Browser extension is made by KeePassXC Team and it works great in both Firefox and chromium browsers and all their forks.
Note that it's better to keep TOTP Authenticator secrets in separate database from password.

So, in that same spirit I created a new bounty for KeePassXC.

Unless user mistake is made with somebody finding their backup keys, I doubt this will ever be broken and hacked, unless some major quantum change happens in future.

I think this challenge will get very interesting as the price increases for all of these crypto's over the next couple of months  

Maybe you should post this challenge in social media like twitter to have more attention, if you didn't already do that.
I would tag all three accounts for KeePass, lastpass and 1password, and maybe few bitcoiners and hackers like Kingpin aka Joe Grand.

[GeekWisdom]

Using multiple files as key file is overkill and i doubt anyone will successfully crack it (at least not in distant future or very big cost). I expect most KeePassXC user only use password or/and single key file with default encryption configuration.

The purpose of the keyfile is to 'simulate' what I hope a large security company would do when storing my data. ie: they would have a 'vault' of some sort with a 'master key' that all of their  encrypted dat for users is stored in above and beyond my storage itself.

Hindsight being 20/20 -- I should have used the keyfile on the truecrypt container, to better simulate the idea, but oh well.

[Iron Fist]

I think this challenge will get very interesting as the price increases for all of these crypto's over the next couple of months  

Due to the fact that you still have all the private keys and passwords and the funds are readily available to you, it will be interesting to see if anyone else will be willing to contribute to the bounty. 

[GeekWisdom]

Due to the fact that you still have all the private keys and passwords and the funds are readily available to you, it will be interesting to see if anyone else will be willing to contribute to the bounty. 

A good point! - Although I have no intention of touching the bounties in any way


I am open to ideas/suggestions on how I could 'prove' I cannot withdraw things myself?

I could for example claim that I destroyed my copies, but is there a foolproof way of proving somehow a withdrawal doesn't come from me later?

[dkbit98]

I am open to ideas/suggestions on how I could 'prove' I cannot withdraw things myself?

I think it's to late for that now, and people just have to trust that you won't withdraw coins yourself.
One potential way would be to create some multisig setup so that nobody would have full control over keys/coins, or splitting seed words with shamir backup scheme.
Maybe there was a way to create simple script for unlocking coins with some terms but I don't know how to do this.

I could for example claim that I destroyed my copies, but is there a foolproof way of proving somehow a withdrawal doesn't come from me later?

No, as far as I know that is impossible to know.
You could always time limit this challenge and create new from scratch doing it in some better way like I suggested before, but think who would you add and trust as other parties in multisig.

[GeekWisdom]

One potential way would be to create some multisig setup so that nobody would have full control over keys/coins, or splitting seed words with shamir backup scheme.
Maybe there was a way to create simple script for unlocking coins with some terms but I don't know how to do this.

I thought about multisig, but I don't think it will really solve the problem. (Also not 100% sure but I think I can still add multisig even now if I wanted to, just need the public keys of the other signers)

Suppose I multisig 3 users together and then it takes say 2 of the 3 of us to withdraw the funds...then one day someone like Elon Musk drops $1,000,000 bitcoin.

It's going to be awful tempting for those 3 users to simply get together withdraw the funds and split it between the 3 of them.

Similar problem with smart contracts, I could do some type of script/contract then the funds are released when say a specific message is signed  with the private key, but again, if the bounty is high enough, can still work around it, setup a second wallet and 'impersonate' being someone else.

Technically once someone tries to convert the coin to fiat, that last transaction will have a real person associated to it, and the company, coinbase or whatever will know who that was, but it could have passed through hundreds of transactions before that.

It seems that while bitcoin provides transparency, and while I can 'prove' that I own a particular address, there is no way to 'prove' who made the withdrawal.

No matter what way I think of it, there still seems to be a need to have a 3rd party 'trust'

I fear Cory Doctorow might be right in his recent blog article -  https://onezero.medium.com/the-inevitability-of-trusted-third-parties-a51cbcffc4e2

[Iron Fist]

It seems that while bitcoin provides transparency, and while I can 'prove' that I own a particular address, there is no way to 'prove' who made the withdrawal.

I think that's kind of the point. Cryptocurrencies do have some advantages of being pseudo-anonymous. I wouldn't like to see that change.

No matter what way I think of it, there still seems to be a need to have a 3rd party 'trust'

This does not always have to be the case. You can look into the Two-Factor Key Generation (2FKG) process used by Ballet company to create their physical Ballet Crypto cards. A private key is generated in two physically separate locations without either having access to the complete key before it is permanently written on the physical card and protected from tampering. I don't know if something similar can be applied online.

[dkbit98]

Suppose I multisig 3 users together and then it takes say 2 of the 3 of us to withdraw the funds...then one day someone like Elon Musk drops $1,000,000 bitcoin.

Nobody said that you should create multisig setup like that.
Something like 2 of 2 (or even 3 of 3) would work very good and you would need all parties to sign transaction in this case.
Now off course there is a risk in case other party (or parties) refuse to do that or if they lose access to their wallet and backup, than coins are lost forever.
But you are right, some mutual trust is needed for this to work... it's still better than in fiat system that you need to trust 100%  

Technically once someone tries to convert the coin to fiat, that last transaction will have a real person associated to it, and the company, coinbase or whatever will know who that was, but it could have passed through hundreds of transactions before that.

That would be very easy to avoid with simple usage of p2p trading, mixers, decentralized exchanges, centralized exchanges without strict kyc.

It seems that while bitcoin provides transparency, and while I can 'prove' that I own a particular address, there is no way to 'prove' who made the withdrawal.

You could prove that you made withdrawal if you add some personal information or id number known only to you in bitcoin transaction, that you can prove later.
It would be a terrible idea for privacy to know ID's of everyone addresses and who exactly made withdrawals.

This does not always have to be the case. You can look into the Two-Factor Key Generation (2FKG) process used by Ballet company to create their physical Ballet Crypto cards. A private key is generated in two physically separate locations without either having access to the complete key before it is permanently written on the physical card and protected from tampering. I don't know if something similar can be applied online.

But you would need to trust Ballet claims to do what they say, you would also have to trust all manufacturing process, and they are third party in this case.
There are similar paper note wallets that work in similar way, but I don't have control over anything in both examples.
In case of multisig at least I have partial control.

[Iron Fist]

This does not always have to be the case. You can look into the Two-Factor Key Generation (2FKG) process used by Ballet company to create their physical Ballet Crypto cards. A private key is generated in two physically separate locations without either having access to the complete key before it is permanently written on the physical card and protected from tampering. I don't know if something similar can be applied online.

But you would need to trust Ballet claims to do what they say, you would also have to trust all manufacturing process, and they are third party in this case.
There are similar paper note wallets that work in similar way, but I don't have control over anything in both examples.
In case of multisig at least I have partial control.

No, I was not thinking about using Ballet Crypto cards this way, but rather to use their method of creating private keys or seed phrases that no one has full access to. I do not know if this is possible with online storage in a safe and trustworthy manner since they use physical cards.