We Can Help
Do you use a salted hash for logging in?
Yes, we first do a 'salt' of your LastPass password with your username on the client side (on your computer, LastPass never gets your password), then server side we pull a second 256 bit random hex-hash salt from the database, use that to make a salted hash which is compared to what's stored in the database.
This is beyond overkill but we want to store nothing that can even theoretically be used to do a dictionary attack against password hashes if LastPass' servers were somehow compromised. We hope having nothing of value makes us less of a target, and that by taking every conceivable caution we can think of makes you more safe.