Small fixes to the website.
This commit is contained in:
parent
cf52221175
commit
cf750f30e0
@ -134,6 +134,8 @@
|
|||||||
</p>
|
</p>
|
||||||
<p>In practice, the secret master password is the only extra thing users will actually need to remember. Their full name, they'll hopefully remember regardless. If the site is always named after the bare domain name, it needn't explicitly be remembered but can be found in the browser's address bar. The counter and type need only be remembered if they are changed from their default values.</p>
|
<p>In practice, the secret master password is the only extra thing users will actually need to remember. Their full name, they'll hopefully remember regardless. If the site is always named after the bare domain name, it needn't explicitly be remembered but can be found in the browser's address bar. The counter and type need only be remembered if they are changed from their default values.</p>
|
||||||
|
|
||||||
|
<hr />
|
||||||
|
|
||||||
<p>In short, the algorithm involves the following steps:
|
<p>In short, the algorithm involves the following steps:
|
||||||
<ol>
|
<ol>
|
||||||
<li>Calculate the <strong>master key</strong> from a user's name and master password.</li>
|
<li>Calculate the <strong>master key</strong> from a user's name and master password.</li>
|
||||||
@ -142,6 +144,13 @@
|
|||||||
</ol>
|
</ol>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<p>To ensure cross-platform compatibility, we define all data as byte streams using the following encodings for other types:
|
||||||
|
<ul>
|
||||||
|
<li>Strings (eg. <code>"com.lyndir"</code>) are encoded as UTF-8.</li>
|
||||||
|
<li>Numbers (eg. <code>name length</code>) are encoded as 32-bit unsigned integers in network byte order.</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
|
||||||
<h1>The Master Key</h1>
|
<h1>The Master Key</h1>
|
||||||
<p>The master <code>key</code> is a 64-byte secret key generated by performing expensive key derivation using the user's master password salted by their full name. It represents the user's global secret.</p>
|
<p>The master <code>key</code> is a 64-byte secret key generated by performing expensive key derivation using the user's master password salted by their full name. It represents the user's global secret.</p>
|
||||||
<p>The purpose of this process is to deter any attempts at brute-forcing a user's master password from a known site password. The key derivation is done using the <a href="http://www.tarsnap.com/scrypt.html" onclick="_gaq.push(['_trackPageview', '/outbound/tarsnap.com/scrypt.html">scrypt</a> algorithm, which guarantees that the process sufficiently time- and resource-consuming to make brute-forcing an infeasible attack.</p>
|
<p>The purpose of this process is to deter any attempts at brute-forcing a user's master password from a known site password. The key derivation is done using the <a href="http://www.tarsnap.com/scrypt.html" onclick="_gaq.push(['_trackPageview', '/outbound/tarsnap.com/scrypt.html">scrypt</a> algorithm, which guarantees that the process sufficiently time- and resource-consuming to make brute-forcing an infeasible attack.</p>
|
||||||
|
@ -82,10 +82,10 @@
|
|||||||
|
|
||||||
<section>
|
<section>
|
||||||
Get it for:
|
Get it for:
|
||||||
<a title="iPhone, iPad, iPod touch" href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);">iPhone / iPad<img class="popup" src="img/ios.png" /></a> |
|
<a title="iPhone, iPad, iPod touch" href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/ios']);">iPhone / iPad<img class="popup" src="img/ios.png" /></a> |
|
||||||
<a title="Mac (graphical interface)" href="masterpassword-mac.zip">OS X<img class="popup" src="img/mac-gui.png" /></a> |
|
<a title="Mac (graphical interface)" href="masterpassword-mac.zip" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/gui/mac']);">OS X<img class="popup" src="img/mac-gui.png" /></a> |
|
||||||
<a title="Mac, Linux, UNIX, Windows (graphical interface)" href="masterpassword-gui.jar" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/gui']);">Desktop (Java)<img class="popup" src="img/java-gui.png" /></a> |
|
<a title="Mac, Linux, UNIX, Windows (graphical interface)" href="masterpassword-gui.jar" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/gui/java']);">Desktop (Java)<img class="popup" src="img/java-gui.png" /></a> |
|
||||||
<a title="Mac, Linux, UNIX, Windows (command line interface)" href="masterpassword-cli.zip" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/cli']);">Terminal (Java)<img class="popup" src="img/java-cli.png" /></a> |
|
<a title="Mac, Linux, UNIX, Windows (command line interface)" href="masterpassword-cli.zip" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/cli/java']);">Terminal (Java)<img class="popup" src="img/java-cli.png" /></a> |
|
||||||
<a title="command line interface" href="https://github.com/Lyndir/MasterPassword/tree/master/MasterPassword/C" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/cli/c']);">Terminal (C)<img class="popup" src="img/c-cli.png" /></a>
|
<a title="command line interface" href="https://github.com/Lyndir/MasterPassword/tree/master/MasterPassword/C" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/cli/c']);">Terminal (C)<img class="popup" src="img/c-cli.png" /></a>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -96,7 +96,7 @@
|
|||||||
|
|
||||||
<h1>Nothing To Lose</h1>
|
<h1>Nothing To Lose</h1>
|
||||||
<p><strong>Master Password is <em>different</em></strong>: it is based on an ingenious password generation algorithm that guarantees your passwords <em>can never be lost</em>.</p>
|
<p><strong>Master Password is <em>different</em></strong>: it is based on an ingenious password generation algorithm that guarantees your passwords <em>can never be lost</em>.</p>
|
||||||
<p>While password managers generally save your passwords in an encrypted vault or upload them to the cloud for safe-keeping, they make you dependant on syncing, backups or Internet access.</p>
|
<p>While password managers generally save your passwords in an encrypted vault or upload them to the cloud for safe-keeping, they make you dependent on syncing, backups or Internet access.</p>
|
||||||
<p>Master Password has none of these downsides. Its passwords aren't stored: they are <b>generated on-demand</b> from your name, the site and your master password; <em>even on a brand-new iPhone</em> without restoring any backups or Internet access.</p>
|
<p>Master Password has none of these downsides. Its passwords aren't stored: they are <b>generated on-demand</b> from your name, the site and your master password; <em>even on a brand-new iPhone</em> without restoring any backups or Internet access.</p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -154,7 +154,7 @@
|
|||||||
How easy is it to use this product? How likely are you to bypass it for convenience?</li>
|
How easy is it to use this product? How likely are you to bypass it for convenience?</li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
<p><strong>In summary</strong>: Master Password aims to solve each of these security problems rather than just focussing on one. It gives you <strong>unique strong passwords for each site</strong> that are also easy to use, generated in a way that makes them <strong>immune to data loss</strong>, completely independant from any third parties using an algorithm <strong>hardened against any known attack vector</strong>.</p>
|
<p><strong>In summary</strong>: Master Password aims to solve each of these security problems rather than just focussing on one. It gives you <strong>unique strong passwords for each site</strong> that are also easy to use, generated in a way that makes them <strong>immune to data loss</strong>, completely independent from any third parties using an algorithm <strong>hardened against any known attack vector</strong>.</p>
|
||||||
|
|
||||||
<div class="hlvl">
|
<div class="hlvl">
|
||||||
<h2 id="strength">STRENGTH: Why Is Master Password Strong?</h2>
|
<h2 id="strength">STRENGTH: Why Is Master Password Strong?</h2>
|
||||||
|
Loading…
Reference in New Issue
Block a user