Description
LessPass is a stateless password manager which does not require any storage of the passwords. This is good for usability.
On the other hand, the "something to have" (i.e. the encrypted password database) is removed. Thus anyone can attack this system. Consider the following scenario: Alice signs up for a service which doesn't encrypt passwords, and the password database leaks. This password (together with the site and login) provides a "witness" to knowing the master password for LessPass. Once the master password is verified using the leaked password, every other password is also broken.
So the question is, how difficult is this attack? LessPass uses PBKDF2 with 100 000 iterations and SHA-256. This function is supposedly secure, but how secure must the master password be to withstand differently equipped attackers?
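Worked illustration of the witness attack and the cost question above. This is an added example, not LessPass's code: the key derivation follows the parameters stated in the issue (PBKDF2-HMAC-SHA256, 100 000 iterations, site + login + counter as salt), but the rendering of the derived bytes into a site password is a simplified stand-in for LessPass's real character-set algorithm, and the guesses-per-second figures are assumed order-of-magnitude numbers, not measurements. The site, login, witness and candidate list are constructed for the demo.

```python
import hashlib
import math
import string

# Parameters as stated in the issue; salt layout assumed to be site + login + hex(counter).
ITERATIONS = 100_000
KEY_LEN = 32
ALPHABET = string.ascii_letters + string.digits  # illustrative alphabet, not LessPass's rule set


def lesspass_entropy(master: str, site: str, login: str, counter: int = 1) -> bytes:
    """One PBKDF2-HMAC-SHA256 evaluation: this is the unit of work the attacker pays per guess."""
    salt = (site + login + format(counter, "x")).encode()
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, KEY_LEN)


def render_password(entropy: bytes, length: int = 16, alphabet: str = ALPHABET) -> str:
    """Simplified rendering (assumption): consume the entropy as a big integer, base-|alphabet|."""
    n = int.from_bytes(entropy, "big")
    out = []
    for _ in range(length):
        n, idx = divmod(n, len(alphabet))
        out.append(alphabet[idx])
    return "".join(out)


def site_password(master: str, site: str, login: str, counter: int = 1, length: int = 16) -> str:
    return render_password(lesspass_entropy(master, site, login, counter), length)


def recover_master(witness: str, site: str, login: str, candidates, counter: int = 1, length: int = 16):
    """Offline witness attack: a leaked site password lets each master-password guess be
    verified with no interaction with any server. Returns the matching candidate or None."""
    for candidate in candidates:
        if site_password(candidate, site, login, counter, length) == witness:
            return candidate
    return None


# Assumed throughput for PBKDF2-SHA256 at 100k iterations (guesses/second); illustrative only.
GUESSES_PER_SECOND = {
    "laptop_cpu": 1e2,
    "single_gpu": 5e4,
    "gpu_rig_8": 4e5,
}


def expected_seconds(entropy_bits: float, rate: float) -> float:
    """Expected time to hit a uniformly chosen secret of the given entropy: half the keyspace."""
    return (2 ** entropy_bits) / 2 / rate


def required_bits(rate: float, years: float) -> float:
    """Minimum master-password entropy so the expected crack time exceeds `years` at `rate`."""
    return math.log2(2 * rate * years * 365 * 86400)


if __name__ == "__main__":
    site, login = "example.org", "alice"          # constructed demo values
    leaked = site_password("correct horse", site, login)
    wordlist = ["password", "letmein", "Tr0ub4dor&3", "correct horse"]  # constructed candidate list
    print("recovered master:", recover_master(leaked, site, login, wordlist))
    for name, rate in GUESSES_PER_SECOND.items():
        for bits in (28, 40, 60):
            days = expected_seconds(bits, rate) / 86400
            print(f"{name:11s} {bits} bits: ~{days:.3g} days")
        print(f"{name:11s} 10-year safety needs >= {required_bits(rate, 10):.1f} bits")
```

The take-away the numbers make concrete: the 100 000 iterations only add about 17 bits of cost (log2 of 100 000) relative to a single hash, so a master password drawn from a typical wordlist falls in minutes on one GPU under these assumptions, while a passphrase with 60 or more bits of real entropy keeps the expected crack time in the thousands-of-years range even for the rig. Substitute measured hashcat figures for the assumed rates before relying on any specific estimate.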