diff --git a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPAlgorithm.java b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPAlgorithm.java
index 07e2a714..d575333a 100644
--- a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPAlgorithm.java
+++ b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPAlgorithm.java
@@ -77,7 +77,7 @@ public abstract class MPAlgorithm {
      * for the case where {@code resultType} is a {@link MPResultTypeClass#Stateful}.
      */
     public abstract String siteResultFromState(byte[] masterKey, byte[] siteKey,
-                                               MPResultType resultType, @Nullable String resultParam);
+                                               MPResultType resultType, String resultParam);
 
     /**
      * The result for {@link #siteResult(byte[], byte[], String, UnsignedInteger, MPKeyPurpose, String, MPResultType, String)}
diff --git a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPMasterKey.java b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPMasterKey.java
index e0468e0e..030b8cd4 100644
--- a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPMasterKey.java
+++ b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/MPMasterKey.java
@@ -44,13 +44,14 @@ public class MPMasterKey {
 
     /**
      * @param masterPassword The characters of the user's master password.
-     *                       Note: this array is held by reference and its contents invalidated on {@link #invalidate()}.
+     *                       <b>Note: this method destroys the contents of the array.</b>
      */
     @SuppressWarnings("AssignmentToCollectionOrArrayFieldFromParameter")
     public MPMasterKey(final String fullName, final char[] masterPassword) {
 
         this.fullName = fullName;
-        this.masterPassword = masterPassword;
+        this.masterPassword = masterPassword.clone();
+        Arrays.fill( masterPassword, (char) 0 );
     }
 
     @Nonnull
@@ -162,7 +163,7 @@ public class MPMasterKey {
      */
     public String siteState(final String siteName, final MPAlgorithm algorithm, final UnsignedInteger siteCounter,
                             final MPKeyPurpose keyPurpose, @Nullable final String keyContext,
-                            final MPResultType resultType, @Nullable final String resultParam)
+                            final MPResultType resultType, final String resultParam)
             throws MPKeyUnavailableException {
 
         Preconditions.checkNotNull( resultParam );
diff --git a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/impl/MPAlgorithmV0.java b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/impl/MPAlgorithmV0.java
index d4ab7a16..bb0b2f33 100644
--- a/core/java/algorithm/src/main/java/com/lyndir/masterpassword/impl/MPAlgorithmV0.java
+++ b/core/java/algorithm/src/main/java/com/lyndir/masterpassword/impl/MPAlgorithmV0.java
@@ -125,7 +125,7 @@ public class MPAlgorithmV0 extends MPAlgorithm {
             case Template:
                 return siteResultFromTemplate( masterKey, siteKey, resultType, resultParam );
             case Stateful:
-                return siteResultFromState( masterKey, siteKey, resultType, resultParam );
+                return siteResultFromState( masterKey, siteKey, resultType, Preconditions.checkNotNull( resultParam ) );
             case Derive:
                 return siteResultFromDerive( masterKey, siteKey, resultType, resultParam );
         }
@@ -170,7 +170,7 @@ public class MPAlgorithmV0 extends MPAlgorithm {
 
     @Override
     public String siteResultFromState(final byte[] masterKey, final byte[] siteKey,
-                                      final MPResultType resultType, @Nullable final String resultParam) {
+                                      final MPResultType resultType, final String resultParam) {
 
         Preconditions.checkNotNull( resultParam );
         Preconditions.checkArgument( !resultParam.isEmpty() );
diff --git a/core/java/model/src/main/java/com/lyndir/masterpassword/model/MPUser.java b/core/java/model/src/main/java/com/lyndir/masterpassword/model/MPUser.java
index ca54cc08..ce0cc73a 100644
--- a/core/java/model/src/main/java/com/lyndir/masterpassword/model/MPUser.java
+++ b/core/java/model/src/main/java/com/lyndir/masterpassword/model/MPUser.java
@@ -57,6 +57,7 @@ public interface MPUser<S extends MPSite<?>> extends Comparable<MPUser<?>> {
      * Note: If a keyID is not set, authentication will always succeed and the keyID will be set to match the given master password.
      *
      * @param masterPassword The password to authenticate with.
+     *                       You cannot re-use this array after passing it in, authentication will destroy its contents.
      *
      * @throws MPIncorrectMasterPasswordException If authentication fails due to the given master password not matching the user's keyID.
      */
diff --git a/core/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPBasicSite.java b/core/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPBasicSite.java
index abb774a2..eae0fb34 100644
--- a/core/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPBasicSite.java
+++ b/core/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPBasicSite.java
@@ -123,7 +123,7 @@ public abstract class MPBasicSite<Q extends MPQuestion> implements MPSite<Q> {
     }
 
     protected String getState(final MPKeyPurpose keyPurpose, @Nullable final String keyContext,
-                              @Nullable final UnsignedInteger counter, final MPResultType type, @Nullable final String state)
+                              @Nullable final UnsignedInteger counter, final MPResultType type, final String state)
             throws MPKeyUnavailableException {
 
         return getUser().getMasterKey().siteState(