3

How does the "emergency access" feature of LastPass work? I can't find detailed information about the used cryptographic methods.

How can I be sure that LastPass is not keeping a copy of my master-password to decrypt the files in case of an emergency access request?

S.L. Barth
  • 5,486
  • 8
  • 38
  • 47
amprantino
  • 171
  • 3
  • 7
    Did you try to search for it on Google first? https://helpdesk.lastpass.com/emergency-access/ – Michael Jan 07 '16 at 14:16

1 Answers1

5

While the strict answer to the question can be found in the LastPass Help Centre, what is interesting on the info they provide is that by enabling it you make your account as secure as the master password of the relying party (on a threath model where the attacker has access to encrypted data like lastpass has).

If you have a strong one, but the other person uses a weak one, the attacker (or lastpass) could get into your passwords.

guntbert
  • 1,825
  • 2
  • 18
  • 21
CristianTM
  • 2,532
  • 15
  • 20
  • Exactly that. And why the Emergency Access contact can't use his private key without authorization from lastpass and decrypt the key, and so the files, sooner that allowed? – amprantino Jan 07 '16 at 14:59
  • The trusted contact does not have access to the encrypted key before they provide it. The security is that they wont provide it and probably put a good effort on avoiding anyone has access to it before the date too. That is, of course, a potential security problem. – CristianTM Jan 07 '16 at 15:21