@wizardprang Do you have good candidates for packet inspection? What about encryption? Is there a problem that decryption isn't possible? It would create an interesting dilemma: 1) weak encryption makes transparency better, at obvious cost to security. 2) strong crypto makes it less transparent :)
fytubevw 2 months ago
52:44 for those who are trying to get to the meat of the matter.
rodrigojaro 4 months ago 4
good video
misha4pats 6 months ago
Why did he go through so much trouble to calculate the number of variations? It's just
62 (number of the characters) to the power of 10 (length of the password) and it's 8.39 x 10 to the 17th.
Other than that LastPass works like a charm. I've been using it for a few days now and except that autofill doesn't work on a couple of sites I didn't have any problem. They deserve far more than that dollar for a premium.
iWannaHearUScream 7 months ago
Steve / Leo, thanks very much for such an informative discussion about LastPass. It just further reaffirmed much of what I already thought about the system that I've been using for 18+ months. You explained some of their encryption and other security-related framework / workings better than I believe LastPass themselves do on their own website. So again, big thanks for doing that.
I definitely had my doubts about my trusting my passwords 'into the cloud', but in retrospect, very glad I did.
mountainguyy 8 months ago
teh cyber polize 0.o
AndrewHume1 8 months ago
This is an amazing show and the guy speaking here just rocks
bdjbrowser 9 months ago
Lastpass failed in the last few days
LokiV 10 months ago
What the hell is the purpose of those 3 black boxes behind Steve? They're so hypnotizing I couldn't even hear him
derZyklusII 1 year ago
we just need to find Steve Gibson's favorite song, lol
torbar 1 year ago
Short story: if you use a long, good master password, you don't have to trust them, even if they are evil or servers get attacked. If you attempt to brute-force AES 256, the information might get decrypted for your grand-grand-grand-grand children to look at, or said otherwise, when the human race has moved civilization to Mars.
elvigia666 1 year ago
We've used LastPass online for 2 years now, no problems whatsoever, and we store credit cards on every account we use!
We left RoboForm because it was hacked on our systems by a Trojan virus which compromised our financial data.
RoboForm is still hackable (apparently!) and we'd like to keep our Identities ours.
CorporateRule 1 year ago
Citrix is a ripoff, all their products are overpriced and there are better, free alternatives out there. Instead of paying out the ass for GoToAssist, check out TeamViewer (it's free)
rnawky 1 year ago
He mentioned you can only have one SSL certificate bound per IP address. This is wrong, you can have one per PORT on an IP address.
rnawky 1 year ago
Lots of "can-we-trust-them" posts here...
Is Steve Gibson trustworthy? In five years of podcasts I have yet to see him being called out over a major issue. That he is humble enough to correct errors on the show makes him more trustworthy than most for-profit corporations who never "admit to wrongdoing". We all trust Google with our passwords with neither source nor audit. You've got to draw the line somewhere.
I use LastPass and I trust them. They have too much to lose if they mess up.
wizardprang 1 year ago 18
@wizardprang I love LastPass too. Of course there's the eternal question, beyond actual corporate policy - and every professional knows this: the government can intervene when 'security' or other interests are in the line of fire. And this clause is usually quite wide, also allowing abuse.
fytubevw 3 months ago
@fytubevw Agreed - if TPTB want your data there's not much that you can do to stop them. However, it is my understanding that all that LP stores is an encrypted blob of pseudo-random noise: for them to make sense of it they would have to get the key from you.
Bottom line: There is no such thing as perfect security. We'll just have to settle for "good enough" :)
wizardprang 3 months ago
gangz I'm with you, how can we be sure about it?
To what I know = don't trust anyone on the net. Keep your passwords only with you and change them from time to time.
KeePass can be safe because you can check if it broadcasts to the net.
mikycomputers 1 year ago
Only problem is that they haven't been security audited, and there is no source available. There is no way to check if they do everything they say, such as not storing your password, encrypting properly, or making sure they aren't sending back your passwords.
bestSVMS 1 year ago
@bestSVMS You're incredibly wrong about this. If you want to test it out yourself email us at support@lastpass.com.
kappuru 1 year ago
@kappuru Hah! I subscribed to you back in 2006 after seeing your response to "first try", wow those were simpler times. The times of TheHill88, lonelygirl15, Renetto, thewinekone still being popular, and everyone still trying to figure out the site. I never expected you to work for LastPass so this was the last place I'd expect seeing your name. ;-p
pulseforce 11 months ago 3
@pulseforce yeah, we all grew up, haha. I didn't want to be an internet celebrity and things were getting a little crazy (stalkers already, etc) so I decided to stop making videos. Glad you like LastPass, I'm the graphic designer there!
kappuru 11 months ago
@kappuru Hehe yeah, this site has grown up as well. I definitely miss the sense of awe from those early days, seeing all those regular people popping up out of nowhere. It was a really creative time. The site has kind of settled now and everyone is trying too hard these days to overproduce and appeal to as many people as possible for revenue reasons. Still a lot of great people on it though. I'm surprised to hear you were stalked, you don't have boobs! (or... maybe you do and I haven't noticed)
pulseforce 11 months ago
@bestSVMS I understand that some source is available - but what you _can_ do is analyze the packets going out of your computer, so you can see what they are getting.
wizardprang 3 months ago
I'm only six minutes in. This video is incredibly long.
I am excited to hear about LastPass though. Eventually?
Austinmassee 1 year ago
@Austinmassee
Geez, you have the attention span of a 2-week-old kitten. :)
It starts at 0:52:00 :)
sparcher 1 year ago
@Austinmassee 0:52:00
ZeroSignalZen 1 year ago 9