The theory behind Master Password is simple. The user remembers a single, secure password and only ever uses it to log into the Master Password application. That master password then serves as the seed from which a different password is generated for each site, based on the site's name.
</p>
<p>
The result is that each master password generates its own unique sequence of passwords for any site name. Since the only input data is the master password and the site name (along with a password counter, see below), no storage of any kind is needed to recreate a site's password: all that is required is the correct master password and a correct implementation of the algorithm. This makes it almost impossible to lose your passwords, and because there is no stored vault, it gives an attacker no password database to steal.
</p>
<h1>The algorithm</h1>
<p>
The user chooses a single master password, preferably long enough to resist brute-force attacks. The application then derives a key from the user's password using <a href="http://www.tarsnap.com/scrypt.html">scrypt</a>. This derivation deliberately costs a considerable amount of processing time and memory, which makes brute-forcing the master password <b>far more difficult</b>, to the point of being practically infeasible, even for password strings that would otherwise be vulnerable.
</p>
<pre><code>
key = scrypt( P, S, N, r, p, dkLen )
where
P = master password
S = &lt;empty&gt;
N = 16384
r = 8
p = 1
dkLen = 64
</code></pre>
<p>
When the user requests a password for a site, the application composes a byte string consisting of the <code>site name</code> (UTF-8 encoded), the <code>key</code>, and a <code>salt</code> (a 32-bit unsigned integer in network byte order; normally this is the password counter), in that order and delimited by a single <code>NUL byte</code>, and hashes it with the <code>SHA-1</code> algorithm. The result is called the <code>seed</code>.
</p>
<pre><code>
salt = htonl( password counter )
seed = sha1( site name . "\0" . key . "\0" . salt )
</code></pre>
<p>
The seed is now combined with the password type the user has chosen for the site. Password types determine the <q>cipher</q> that will be used to encode the <code>seed</code> bytes into a readable password. For instance, the standard password type <q>Long Password</q> selects one of three pre-set ciphers: <code>CvcvCvcvnoCvcv</code>, <code>CvcvnoCvcvCvcv</code> or <code>CvcvCvcvCvcvno</code>. Which of those is used depends on the first byte of the <code>seed</code>: take that byte's value modulo the number of pre-set ciphers (three in this case), and the result is the index of the cipher to use.
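The key derivation, seed computation and cipher selection described above, carried through in Python as an added example (this is not the Master Password project's own code). It uses the scrypt parameters and the three "Long Password" templates exactly as given on this page; the master password and site name are constructed sample inputs, and encoding the seed bytes through the chosen template is left out because it is not covered here.

```python
import hashlib
import struct

# scrypt parameters as given on the page: empty salt, N=16384, r=8, p=1, dkLen=64
SCRYPT_N, SCRYPT_R, SCRYPT_P, SCRYPT_DKLEN = 16384, 8, 1, 64

# The three pre-set ciphers of the "Long Password" type, as listed on the page.
LONG_PASSWORD_CIPHERS = ("CvcvCvcvnoCvcv", "CvcvnoCvcvCvcv", "CvcvCvcvCvcvno")


def master_key(master_password: str) -> bytes:
    """key = scrypt(P, S=<empty>, N, r, p, dkLen)."""
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=b"",
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        dklen=SCRYPT_DKLEN,
        maxmem=64 * 1024 * 1024,  # 128*N*r = 16 MiB is needed; lift OpenSSL's default ceiling
    )


def site_seed(site_name: str, key: bytes, counter: int) -> bytes:
    """seed = sha1(site_name . NUL . key . NUL . htonl(counter))."""
    if not 0 <= counter <= 0xFFFFFFFF:
        raise ValueError("password counter must fit a 32-bit unsigned integer")
    salt = struct.pack("!I", counter)  # htonl: 32-bit unsigned, network byte order
    return hashlib.sha1(site_name.encode("utf-8") + b"\0" + key + b"\0" + salt).digest()


def choose_cipher(seed: bytes, ciphers=LONG_PASSWORD_CIPHERS) -> str:
    """The first seed byte, modulo the number of ciphers, indexes the template."""
    return ciphers[seed[0] % len(ciphers)]


def derive(master_password: str, site_name: str, counter: int = 1):
    """Run the full chain: master key -> site seed -> cipher template."""
    key = master_key(master_password)
    seed = site_seed(site_name, key, counter)
    return key, seed, choose_cipher(seed)


if __name__ == "__main__":
    # Constructed sample inputs, not values from the page.
    key, seed, cipher = derive("correct horse battery staple", "example.com", 1)
    print("seed:", seed.hex())
    print("cipher template:", cipher)
```

Incrementing the counter changes the salt and therefore the seed, which is how a user rotates a site's password without changing the master password.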