LastPass Login Process

A flow chart describing a typical (and simplified) LastPass login process. This is based on both LastPass official documentations and their extension JavaScript source code.

salt salt Password Password Email

Email<br> PBKDF2 PBKDF2 Vault Key Vault Key PBKDF2 PBKDF2 Login Hash 1 Login Hash 1 Login Hash 2 Login Hash 2 PBKDF2 PBKDF2 Login Hash 2 Login Hash 2 Salt Salt Compare Compare If matched If matched Session ID Session ID Session Key Session Key Session ID Session ID Session Key Session Key Retrieve Retrieve Encrypted Vault Encrypted Vault Encrypted Vault Encrypted Vault Session ID Session ID Decrypt Decrypt Decrypted Vault Decrypted Vault Encrypted Vault Key Encrypted Vault Key Encrypt Encrypt Email

Email<br> Encrypted Vault Encrypted Vault Authenticate Authenticate Start Session Start Session Client Side RAM Client Side RAM Server Side RAM Server Side RAM Client Side Storage Client Side Storage Server Side Storage Server Side Storage Email

Email<br> Persistent Storage Persistent Storage Cookies Cookies Randomly Generate Randomly Generate salt salt salt salt key key key key Session ID Session ID Email

Email<br> Encrypted Vault Key Encrypted Vault Key Encrypted Vault Encrypted Vault Session ID Session ID Email

Email<br> Compare Compare Retrieve Retrieve Session Key Session Key If matched If matched Vault Key Vault Key key key Decrypt Decrypt Decrypted Vault Decrypted Vault key key Decrypt Decrypt Recheck Session Recheck Session Resume Session Resume Session Browser / Computer Restart Browser / Computer Restart Start with

User Input [Not supported by viewer]

More flow charts coming...