Abathuthukisi bemenenja yephasiwedi i-LastPass, esetshenziswa abantu abangaphezu kwezigidi ezingu-33 nezinkampani ezingaphezu kwezinkulungwane eziyi-100, bazise abasebenzisi ngesigameko ngenxa yokuthi abahlaseli bakwazile ukuthola amakhophi ayisipele wesitoreji nedatha yabasebenzisi besevisi. . Idatha yayihlanganisa ulwazi olufana negama lomsebenzisi, ikheli, i-imeyili, ucingo kanye namakheli e-IP lapho isevisi ingene ngemvume khona, kanye namagama esayithi angabhaliwe agcinwe kumphathi wephasiwedi nokungena, amaphasiwedi, idatha yefomu namanothi kulawa masayithi agcinwe ngokubethela. ifomu..
Ukuze kuvikelwe ukungena namagama ayimfihlo kumasayithi, ukubethela kwe-AES kwasetshenziswa ngokhiye ongu-256-bit okhiqizwe kusetshenziswa umsebenzi we-PBKDF2 osuselwe kuphasiwedi eyinhloko eyaziwa umsebenzisi kuphela, enosayizi omncane wezinhlamvu eziyi-12. Ukubhala ngemfihlo nokuqanjwa kwama-logins nama-password ku-LastPass kwenziwa kuphela ohlangothini lomsebenzisi, futhi ukuqagela iphasiwedi eyinhloko kuthathwa njengento engenakwenzeka kwi-hardware yesimanje, uma kubhekwa ubukhulu bephasiwedi eyinhloko kanye nenani lokuphindaphinda kwe-PBKDF2 elisetshenzisiwe.
Ukuze benze lokhu kuhlasela, basebenzise idatha etholwe abahlaseli ngesikhathi sokuhlasela kwangaphambilini okwenzeka ngo-Agasti futhi kwenziwa ngokuphazamiseka kwe-akhawunti yomunye wabathuthukisi besevisi. Ukugebenga kwa-August kuholele ekutheni abahlaseli bathole ukufinyelela endaweni yokuthuthukiswa, ikhodi yesicelo, kanye nolwazi lobuchwepheshe. Kamuva kwavela ukuthi abahlaseli basebenzisa idatha evela endaweni yokuthuthukiswa ukuze bahlasele omunye umthuthukisi, ngenxa yalokho bakwazi ukuthola okhiye bokufinyelela kusitoreji samafu kanye nezihluthulelo zokukhipha idatha kusuka ezitsheni ezigcinwe lapho. Amaseva amafu asengozini asingathe izipele ezigcwele zedatha yesevisi yokukhiqiza.
Source: opennet.ru