, AndyC wrote

*snip*

Well, lets at least hope that lastpass is salting that....

https://lastpass.com/whylastpass_technology.php

LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC.