- Using your master password for much more than your password vault is a very bad idea. Your password vault is generally not available to others, having a master password is an additional security measure, for me at least. Devices have a wildly different amount of hardware; it may not be possible to have a 1s delay on a 4 GHz x64 CPU and have it run in anything considered useful on a low end smartphone or, say, an old Raspberry (which are "sluggish" to say the least). – Maarten Bodewes, commented Nov 13, 2018 at 11:46
- Both methods have their advantages and disadvantages (and you hint at this when asking for "other parameters"). You can ask about those, but asking which is more secure is opinionated and the question may be closed because of that. – Maarten Bodewes, commented Nov 13, 2018 at 11:49
- Hmm, well let's say that the random passwords are chosen from [a-zA-Z0-9]{21}, that gives ~131 bits of entropy. If the master password has more entropy than that and you use an HMAC(site_name, master_pw) construction to derive the passwords, then your derived passwords should be just as secure as if they were chosen uniformly at random. But this derivation scheme is less secure overall: if an attacker ever gained access to your master password (even for a moment) your future derived passwords are at risk if you continue using that password... – kiwidrew, commented Nov 13, 2018 at 12:05
- I fail to see the difference with encryption: if he has my master password, he should also be able to decrypt my vault and retrieve all my stored passwords. However, if my master password is compromised, I may want to change it, but if I do, I will have to change all my derived passwords but won't have to for the encrypted ones... I will add the password auto change feature. – CidTori, commented Nov 13, 2018 at 13:06
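
The derivation scheme discussed in the comments above, as an added example that is not part of the original thread or any commenter's code: a slow KDF stretches the master password once, then an HMAC over the site name yields a 21-character [a-zA-Z0-9] password. Assumptions made here: the stretched key is the HMAC key and the site name is the message, the PBKDF2 iteration count and salt are constructed values, and the `counter` parameter is a hypothetical way to rotate one site's password without changing the master password.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits  # [a-zA-Z0-9], 62 symbols
LENGTH = 21


def stretch(master_pw: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Slow step, run once per session. The iteration count is an assumed
    value; it has to be tuned to the slowest device that must run it."""
    return hashlib.pbkdf2_hmac("sha256", master_pw.encode(), salt, iterations)


def derive_password(key: bytes, site_name: str, counter: int = 0) -> str:
    """Derive a site password as HMAC-SHA256(key, site || counter || block),
    mapped onto ALPHABET without modulo bias."""
    out = []
    block = 0
    while len(out) < LENGTH:
        msg = f"{site_name}\x00{counter}\x00{block}".encode()
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            # 248 = 4 * 62: bytes 248..255 are rejected so every symbol
            # is equally likely.
            if b < 248 and len(out) < LENGTH:
                out.append(ALPHABET[b % 62])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    old_key = stretch("old master password", salt)
    new_key = stretch("new master password", salt)
    for site in ("example.com", "example.org"):
        # Changing the master password changes every derived password,
        # so each site needs a password change; a vault only re-encrypts.
        print(site, derive_password(old_key, site), derive_password(new_key, site))
    # Rotating a single site instead requires remembering its counter.
    print("example.com rotated:", derive_password(old_key, "example.com", counter=1))
```

The per-site counter is state that has to be stored or remembered somewhere, which is one of the trade-offs of a purely derived scheme.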