2
0

Merge branch 'master' of github.com:Lyndir/MasterPassword

This commit is contained in:
Maarten Billemont 2015-01-21 11:12:23 -05:00
commit f392ad4053
4 changed files with 5 additions and 5 deletions

View File

@ -390,7 +390,7 @@ static OSStatus MPHotKeyHander(EventHandlerCallRef nextHandler, EventRef theEven
NSAlert *alert = [NSAlert alertWithMessageText:@"Delete User"
defaultButton:@"Delete" alternateButton:nil otherButton:@"Cancel"
informativeTextWithFormat:@"This will delete %@ and all his sites.", self.activeUserForMainThread.name];
informativeTextWithFormat:@"This will delete %@ and all their sites.", self.activeUserForMainThread.name];
if ([alert runModal] != NSAlertDefaultReturn)
return;

View File

@ -255,7 +255,7 @@
</pre></code>
<p>
The result is a 64-byte <code>key</code> derived from the user's master password. This key will be fed into the rest of the algorithm to produce output passwords that are as private to the user as his master password is.
The result is a 64-byte <code>key</code> derived from the user's master password. This key will be fed into the rest of the algorithm to produce output passwords that are as private to the user as their master password is.
</p>
<h2>Combining The Inputs</h2>

View File

@ -296,14 +296,14 @@
<h3 id="masterkey" class="inline">The Master Key</h3>
<p>The first part of the process it to obtain a very strong "token" of your personal identity. We call this token your <em>master key</em>, because it is very much like the one and only <strong>main key that opens all your doors</strong>. It is a personal key, it represents your identity.</p>
<p>The master key is derived from your name and your master password, and thrown away as soon as it's no longer needed to minimize the risk of loss.</p>
<p>Since it's vital that nobody else can gain access to your master key, it's important that the process of deriving the key is insurmountably difficult. An attacker could try a brute-force attack against your master key or password by convincing you to make an account on his website, and then guessing at your master password or your master key until he finds one that gives him your password for his fake site.</p>
<p>Since it's vital that nobody else can gain access to your master key, it's important that the process of deriving the key is insurmountably difficult. An attacker could try a brute-force attack against your master key or password by convincing you to make an account on their website, and then guessing at your master password or your master key until he finds one that gives him your password for their fake site.</p>
<p>These are two different types of brute-force attacks and we need to make sure to defeat both of them.</p>
<p>To defeat a brute-force attack against your master key, we make sure the master key is sufficiently high in entropy. Since the master key is a 256-bit key, an attacker would now have to make up to <code>2<sup>256</sup></code> guesses, or try <code>115792089237316195423570985008687907853269984665640564039457584007913129639936</code> master keys before finding the right one. Even at an ambitious rate of 2 billion tries per second, it would take several times the age of the universe to try all of them.
<p>A brute-force attack against your master password is more feasible, since your master password will be tiny compared to such a huge master key.</p>
<p>Even if you used an 8-character evenly distributed random alphanumeric password (such as <code>yIp6X2qd</code>), a smart attacker could brute-force such a password in less than <em>1.7 days</em>.</p>
<p>To solve this problem, we introduce an expensive <q>scrypt</q>-based <em>key derivation</em> step. <em>scrypt</em> specifically improves on standard key derivation techniques by not only wasting a lot of <em>CPU time</em>, but also consuming huge amounts of <em>RAM</em>. We need to be careful to choose the right parameters so that logging into Master Password doesn't take too long on weaker mobile devices while the possibility of guessing at passwords is sufficiently
crippled for attackers. The theory is, the longer it takes for an attacker to try out one guess of your master password, the longer it'll take him to find the right one. We pull this theory into the extreme so that guessing your password now takes <strong>2151076 years</strong> instead of <em>1.7 days</em> while logging into Master Password on an iPhone 4S takes no more than 3 seconds.</p>
<p>It bears note that <em>scrypt</em>'s approach is specifically interesting because it costs both a lot of CPU and a lot of RAM to derive a master key. That means that the more computers an attacker buys, the more his $ cost goes up. CPU and RAM are expensive, and forcing the derivation to use a lot instead of minuscule amounts causes the $ cost of a brute-force attack to become phenomenal.</p>
<p>It bears note that <em>scrypt</em>'s approach is specifically interesting because it costs both a lot of CPU and a lot of RAM to derive a master key. That means that the more computers an attacker buys, the more their $ cost goes up. CPU and RAM are expensive, and forcing the derivation to use a lot instead of minuscule amounts causes the $ cost of a brute-force attack to become phenomenal.</p>
<p>Given these solutions, we feel confident Master Password is adequately protected against attacks on your private master key.</p>
</div>
<div class="hlvl">

View File

@ -160,7 +160,7 @@
<a name="trust"></a>
<h2>You speak of trust, how can I trust you?</h2>
<p>A very valid question, and arguably the most important one to ask!</p>
<p>Trust is a very difficult thing to guarantee. Powerful entities will solicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for his claims and actions, this might be sufficient for you.</p>
<p>Trust is a very difficult thing to guarantee. Powerful entities will solicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for their claims and actions, this might be sufficient for you.</p>
<p>Most of us mere mortals cannot afford this level of trust enforcement, however. We're mostly left in the position of trusting claims blindly, in the hopes that companies will not violate those claims for fear of taking a seizable public-relations hit.</p>
<h3>I propose that none of these forms of trust are sufficient adequate.</h3>
<p>In fact, Master Password is what it is because it aims to avoid any requirement of trust in the solution's author. Master Password requires no services or proprietary storage format. I've published Master Password's algorithm for you to inspect and licensed to you the full source code to the implementations for you to use.</p>