Master Password

  • Original author: Maarten Billemont
  • Release: June 15, 2012
  • Stable release: 2.3 / April 19, 2015
  • Written in: Java, C, JavaScript
  • Operating system: Microsoft Windows and Unix-like, including OS X, iOS and Android
  • Available in: English
  • Type: Password generator
  • License: GNU General Public License
  • Website: www.masterpassword.app
  • Repository: www.gitlab.com/MasterPassword/MasterPassword

Master Password is a type of algorithm first implemented by Maarten Billemont for creating unique passwords in a reproducible manner. It differs from traditional password managers in that the passwords are not stored on disk or in the cloud, but are regenerated every time from information entered by the user: their name, a master password, and a unique identifier for the service the password is intended for (usually the URL).[1]

By not storing the passwords anywhere, this approach makes it harder for attackers to steal or intercept them. It also removes the need for synchronization between devices and for backups of a password database, and with them the risk of a data breach of that database. This is sometimes called sync-less password management.

Algorithm

Billemont's implementation involves the following parameters:[1]

  • name: The username, used as a salt. The user's full name is chosen as it provides a sufficiently high level of entropy while being unlikely to be forgotten.
  • master_password: The secret for generating the master key.
  • site_name: A unique name for the service the password is intended for. Usually the bare domain name.
  • counter: An integer that can be incremented when the service requests a new password. By default, it is 1.
  • password_type: The password type defines the length and the constitution of the resulting password, see below.

Master key generation

In Billemont's implementation, the master key is a global 64-byte secret key generated from the user's secret master password and salted by their full name. The salt is used to avoid attacks based on rainbow tables. The scrypt algorithm, an intentionally slow key derivation function, is used for generating the master key to make a brute-force attack infeasible.

salt = "com.lyndir.masterpassword" + length(name) + name
master_key = scrypt(master_password, salt, N = 32768, r = 8, p = 2, dkLen = 64)

Template seed generation

The template seed is a site-specific secret in binary form, generated from the master key, the site name and the counter using the HMAC-SHA256 algorithm. It is later converted to a character string using the password templates. The template seed makes every password unique to the website and to the user.

seed = hmac_sha256(master_key, "com.lyndir.masterpassword" + length(site_name) + site_name + counter)

Password generation

The binary template seed is then converted to one of six available password types. The default type is the Maximum Security Password; the others can be selected if the service's password policy does not allow passwords of that format:

  • Maximum Security Password (20 ASCII printable characters)
  • Long Password (14 ASCII printable characters)
  • Medium Password (8 ASCII printable characters)
  • Short Password (4 ASCII printable characters)
  • Basic Password (8 alphanumeric characters)
  • PIN (4 digits)
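The three steps above (master key from scrypt, template seed from HMAC-SHA256, and conversion of the seed into a password of the chosen type) as one runnable script. This is an added example and not code from the Master Password project: it assumes the length fields in the salt and in the HMAC message are 4-byte big-endian integers and that the counter is encoded the same way, and it reproduces the template and character-class tables from memory of the reference implementation, none of which the text above lists, so its output should be compared against the project's published test vectors before being relied on. The name, master password and site name used at the bottom are constructed sample values.

```python
import hashlib
import hmac
import struct

# Scope string that prefixes both the scrypt salt and the HMAC message.
SCOPE = b"com.lyndir.masterpassword"

# Character classes referenced by the templates. ASSUMPTION: reproduced from
# memory of the reference implementation, not taken from the article.
CHAR_CLASSES = {
    "V": "AEIOU",
    "C": "BCDFGHJKLMNPQRSTVWXZ",
    "v": "aeiou",
    "c": "bcdfghjklmnpqrstvwxz",
    "A": "AEIOUBCDFGHJKLMNPQRSTVWXZ",
    "a": "AEIOUaeiouBCDFGHJKLMNPQRSTVWXZbcdfghjklmnpqrstvwxz",
    "n": "0123456789",
    "o": "@&%?,=[]_:-+*$#!'^~;()/.",
    "x": "AEIOUaeiouBCDFGHJKLMNPQRSTVWXZbcdfghjklmnpqrstvwxz0123456789!@#$%^&*()",
}

# One template list per password type; lengths match the six types listed
# above (20, 14, 8, 4, 8 and 4 characters). ASSUMPTION: from memory as well.
TEMPLATES = {
    "maximum": ["anoxxxxxxxxxxxxxxxxx", "axxxxxxxxxxxxxxxxxno"],
    "long": ["CvcvnoCvcvCvcv", "CvcvCvcvnoCvcv", "CvcvCvcvCvcvno",
             "CvccnoCvcvCvcv", "CvccCvcvnoCvcv", "CvccCvcvCvcvno",
             "CvcvnoCvccCvcv", "CvcvCvccnoCvcv", "CvcvCvccCvcvno",
             "CvcvnoCvcvCvcc", "CvcvCvcvnoCvcc", "CvcvCvcvCvccno",
             "CvccnoCvccCvcv", "CvccCvccnoCvcv", "CvccCvccCvcvno",
             "CvcvnoCvccCvcc", "CvcvCvccnoCvcc", "CvcvCvccCvccno",
             "CvccnoCvcvCvcc", "CvccCvcvnoCvcc", "CvccCvcvCvccno"],
    "medium": ["CvcnoCvc", "CvcCvcno"],
    "short": ["Cvcn"],
    "basic": ["aaanaaan", "aannaaan", "aaannaaa"],
    "pin": ["nnnn"],
}


def master_key(name: str, master_password: str) -> bytes:
    """64-byte master key: scrypt over the master password, salted with the name."""
    name_bytes = name.encode("utf-8")
    # ASSUMPTION: the name length is a 4-byte big-endian integer of the UTF-8 byte count.
    salt = SCOPE + struct.pack(">I", len(name_bytes)) + name_bytes
    # N=32768, r=8, p=2 needs ~32 MiB; raise maxmem above OpenSSL's 32 MiB default.
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=32768, r=8, p=2, dklen=64, maxmem=128 * 1024 * 1024)


def template_seed(key: bytes, site_name: str, counter: int = 1) -> bytes:
    """32-byte site-specific seed: HMAC-SHA256 keyed with the master key."""
    site_bytes = site_name.encode("utf-8")
    # ASSUMPTION: site length and counter are both 4-byte big-endian integers.
    message = SCOPE + struct.pack(">I", len(site_bytes)) + site_bytes + struct.pack(">I", counter)
    return hmac.new(key, message, hashlib.sha256).digest()


def render(seed: bytes, password_type: str = "maximum") -> str:
    """Map the seed onto a template: byte 0 picks the template, bytes 1.. pick characters."""
    templates = TEMPLATES[password_type]
    template = templates[seed[0] % len(templates)]
    return "".join(CHAR_CLASSES[cls][seed[i + 1] % len(CHAR_CLASSES[cls])]
                   for i, cls in enumerate(template))


def site_password(name: str, master_password: str, site_name: str,
                  counter: int = 1, password_type: str = "maximum") -> str:
    """Full pipeline: name + master password + site + counter -> site password."""
    return render(template_seed(master_key(name, master_password), site_name, counter),
                  password_type)


def matches_template(password: str, password_type: str) -> bool:
    """True if every character of password sits in the class some template of that type demands."""
    return any(len(password) == len(t) and all(ch in CHAR_CLASSES[c] for ch, c in zip(password, t))
               for t in TEMPLATES[password_type])


if __name__ == "__main__":
    # Constructed sample inputs; the resulting passwords are purely illustrative.
    key = master_key("Alice Example", "correct horse battery staple")
    for ptype in TEMPLATES:
        print(f"{ptype:8s} counter=1: {render(template_seed(key, 'example.com', 1), ptype)}")
    print("maximum  counter=2:", render(template_seed(key, "example.com", 2)))
```

Because the master key depends only on the name and master password, it is computed once per session and reused for every site; incrementing the counter changes the HMAC input and therefore the whole password, which is the mechanism behind a password rotation without a stored state.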

Implementations

Billemont also created multiple free software implementations of the Master Password algorithm, licensed under the GPLv3.[2]

References

  1. Billemont, Maarten. "The Master Password Algorithm". Archived from the original on December 9, 2017. Retrieved 8 May 2015.
  2. "License file of the MasterPassword repository". GitHub. Retrieved 15 May 2015.
  3. Billemont, Maarten. "Release 1.0.0". GitHub. Retrieved 15 May 2015.
  4. Masterpassword's Firefox add-on.
  5. Masterpassword's Chrome plugin.
  6. Billemont, Maarten. "Master Password Homepage". Retrieved 15 May 2015.

External links

Official website
