diff --git a/Site/2013-05/algorithm.html b/Site/2013-05/algorithm.html index eae4f519..9cb3f83c 100644 --- a/Site/2013-05/algorithm.html +++ b/Site/2013-05/algorithm.html @@ -40,10 +40,10 @@
Master Password is an algorithm used to generate unique passwords for websites, email accounts, or anything else based only on easily reproducible input.
The goal is a process that avoids all the problems involved with other password solutions.
The Master Password algorithm is open: this page describes its inner workings in detail. We believe the following is an important lesson we should all learn: Regardless of how much encryption a solution claims, if you don't know how it works, you cannot assume it is secure (at least, not the kind of secure you care about).
+The Master Password algorithm is open: this page describes its inner workings in detail. We believe the following is an important lesson we should all learn: Regardless of how much encryption a solution claims, if you don't know how it works, you cannot assume it is secure (at least, not the kind of secure you care about).
With the master key
known, we can proceed to calculate a template seed
for the site. The template seed
is essentially the site-specific secret in binary form.
To generate the template seed
, we construct an authentication code for the site's name
and counter
using the user's master key
.
We employ the HMAC-SHA-256 algorithm to obtain a large enough seed
for the encoding step that follows.
We employ the HMAC-SHA-256 algorithm to obtain a large enough seed
for the encoding step that follows.
seed = hmac-sha256( key, "com.lyndir.masterpassword" . site name length . site name . counter )@@ -285,12 +285,12 @@ passWord[i] = passChar
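Review bot: the seed formula at the end of this hunk leaves the HMAC input underspecified. `site name length` and `counter` are concatenated with no stated integer width or byte order, and the character encoding of `site name` is not given. Two implementations that choose different encodings will compute different seeds and therefore different passwords for the same inputs. Suggest stating the encoding of each field on the formula line or directly under it.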
bcdfghjklmnpqrstvwxyz
Template character: A
(= V . C
)
+
Template character: A
AEIOUBCDFGHJKLMNPQRSTVWXYZ
Template character: a
(= V . v . C . c
)
+
Template character: a
AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz
@&%?,=[]_:-+*$#!'^~;()/.
Template character: X
(= a . n . o
)
+
Template character: X
AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789@&%?,=[]_:-+*$#!'^~;()/.
AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()
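Review bot: the added `Template character: A`, `a` and `X` lines drop the composition shorthand that the lines they replace carried (`(= V . C)`, `(= V . v . C . c)`, `(= a . n . o)`). That shorthand is the only thing in this table that lets an implementer check the long character lists against the base classes, and both membership and order matter to anyone reimplementing the table. Suggest keeping the shorthand beside each composite class, or adding one sentence above the table saying that A, a and X are the listed classes concatenated in that order.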
There is an exception: Master Password allows you to save "custom" or "personal" passwords in the app. These passwords don't use Master Password's special algorithm and are merely encrypted using the strong master key derived from your master password. These types of passwords behave more like conventional vault-based passwords do. They are however very well protected and an attacker would still need to find a way to crack your master password (which is extremely difficult, see below) before being able to decode the passwords in its vault.
+Cryptography only provides technical security. It does not protect you from situations where you are legally required or forced by peers to surrender your key.
+ +In fact, many countries provide their officers with a legal grounds for forcing you to divulge your encryption keys to any encrypted information they've recovered during a warranted search.
+Again, unlike ordinary password managers, Master Password might have an edge here. If you make no use of stored passwords, Master Password doesn't actually encrypt anything with your master password. That means, when your devices are seized, these legal grounds may no longer apply. Note however that this does not constitute legal advice and that this theory has never been tested in practice.
+For your safety, we recommend that in preparation of travelling, you change the master password for your user on the device. That way, if your device is seized by a foreign entity and they force you to divulge your master password, you'll likely be fully compliant by simply giving up the new master password even though it will cause the app to generate invalid passwords for all your sites. Later, you can always change the master password back to the real one.
+The simple answer to that question is: First and foremost, memorable and unrelated to you. What that means is that the most important thing about your master password is that you need to be able to recall it any time and yet it should not be derived from anything personal.
That advice usually doesn't help very much with actually picking a good master password. The goal of a good password is that it'll take an attacker a lot of guesses before he'll find it. That is the core idea behind good passwords.
+There are a few strategies of getting good passwords. The speed with which an attacker can guess your password depends a lot on whether he knows what kind of password you're using or not. So we'll compare a few password strategies, their strength and how memorable they are.
The simplest strategy for picking good passwords is by just picking a bunch of random letters, digits and symbols and mixing them up. This is a great strategy for strong passwords but those passwords are usually not very memorable.
Another strategy is by "encoding" something you already know. This can seem like a good way to make memorable passwords, but recalling the "encoding" you used two years later can be tricky. This also makes it much easier for attackers that know you to find your password.
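Review bot: the added travel paragraph ("you'll likely be fully compliant by simply giving up the new master password") states a legal outcome with more confidence than the paragraph added just before it, which says the theory "has never been tested in practice" and is not legal advice. Suggest carrying that caveat into the travel recommendation. The paragraph should also say what happens to stored custom passwords when the master password is changed, since the context line above says those are encrypted with the master key. Two wording fixes in the same added lines: "a legal grounds" should be "legal grounds", and "in preparation of travelling" should be "in preparation for travelling".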
@@ -145,7 +153,7 @@Tr0ub4dor
correct horse battery staple
The time-to-crack numbers throughout this website are based on the following assumptions:
1 479 million
SHA-256 hashes per second (hashcat on AMD HD 6990)1 479 million
SHA-256 hashes per second (hashcat on AMD HD 6990)3.3
Master Password passwords per second (2GHz MacBook Pro, scrypt N=32768, r=8, p=2, dkLen=64).Master Password is based on a stateless algorithm which frees it from the reliance on storage of secrets.
Since your generated passwords aren't saved to your device, there is no risk you'll be forced to divulge them to aggressive peers. And since these passwords don't need to be backed up or synchronized between devices over the network, there is no risk of them getting intercepted.
-Finally, Master Password is free software (GPLv3), its algorithm extensively documented and does not require you to trust any external party. This is particularly interesting in a society where things like PRISM and gag orders are a real threat.
+Finally, Master Password is free software (GPLv3), its algorithm extensively documented and does not require you to trust any external party. This is particularly interesting in a society where things like PRISM and gag orders are a real threat.
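Review bot: in the time-to-crack assumptions of the `@@ -145,7 +153,7 @@` hunk above, the two rates are measured on different classes of hardware. The SHA-256 figure is hashcat on an AMD HD 6990, while the Master Password figure (3.3 per second, scrypt N=32768, r=8, p=2, dkLen=64) is a 2GHz MacBook Pro. Every time-to-crack number derived from the second rate therefore assumes the attacker guesses at laptop speed. Suggest either quoting the scrypt rate on hardware comparable to the attacker's, or stating beside the figure that it is a single-laptop baseline and that the estimates shrink with the attacker's hardware.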
by generating passwords for you with extremely high entropy. We've found that humans are exceedingly bad at coming up with good passwords, especially when they need a new one every week for a new site they sign up with. Master Password therefore takes the guesswork out of it and generates high-entropy, memorable passwords. High entropy means that when a hacker obtains all of LinkedIn's password hashes + href="http://www.washingtonpost.com/business/technology/linkedin-eharmony-deal-with-breach-aftermath/2012/06/07/gJQAwqs5KV_story.html" onclick="_gaq.push(['_trackPageview', '/outbound/linkedin']);">LinkedIn's password hashes again, they won't be able to brute-force your real LinkedIn password from it.
If you used an evenly distributed custom 8-character alphanumeric password (p4sSw0rD
doesn't count), it would only take a powerful attacker 1.7 days to brute-force your password from a leaked hash. If you used Master Password's default Long Password instead, it would take that same attacker 1.4 years of non-stop focus on your password, assuming they already know you used Master Password. If they don't,
that time goes up to 26 billion years. If you used Master Password's Maximum Security type, it would take up to 422460722753999994880 years.
you need to trust by implementing a completely stateless solution that requires no storage (you don't need to trust your hard disk or hardware), requires no backups or syncing (you don't need to trust that all your passwords are safely backed up and synced across your devices so they're actually available to you), requires no cloud services (you don't need to trust that your Internet connection is safe, or a cloud provider won't lose your - data or secretly send it to your or a foreign government). + data or secretly send it to your or a foreign government).
Most other solutions that get strength right don't care so much about the trust front. They figure, if you're going to pay them for their app, you might as well trust them with all your passwords too. This really shouldn't be an implicit assumption. They're your passwords, and nobody else should have a say.
-Knowing what happened to Silent Circle and Lavabit, knowing how extremely powerful and persuasive governments and share-holders can be, you would be well advised to consider very carefully giving the keys to your digital identity to a separate entity.
+Knowing what happened to Silent Circle and Lavabit, knowing how extremely powerful and persuasive governments and share-holders can be, you would be well advised to consider very carefully giving the keys to your digital identity to a separate entity.
Please see the support forums for answers to issues and questions or to open your own topic.
+Please see the support forums for answers to issues and questions or to open your own topic.
If you'd prefer to talk via email, send us a message at masterpassword@lyndir.com instead. You should get a personal reply within the hour if not in minutes.
+If you'd prefer to talk via email, send us a message at masterpassword@lyndir.com instead. You should get a personal reply within the hour if not in minutes.
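Review bot: the LinkedIn link added in the entropy paragraph carries `onclick="_gaq.push(['_trackPageview', '/outbound/linkedin']);"`, so outbound clicks are reported to an analytics service from a page whose argument is that the reader should not have to trust third parties. Suggest dropping the handler from this link or disclosing the tracking on the page. The target is also a plain `http://` URL; link to the `https://` version if the site serves one.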