From Free Software Directory

Master Password
A stateless password manager

Most password managers are password vaults: they let you store or generate a strong password for each of your services, then encrypt it and store it for later retrieval.

This approach presents many problems, particularly in the modern mobile age, and these cause many frustrations:

* Vault availability: If your vault is not available, you cannot use any of your services.
* Added risk of identity loss: If you lose your vault (e.g., HDD failure or house fire), you instantly lose your entire online identity.
* Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault.

Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues:

* Network sync: Keeping data secure in transit is non-trivial and adds security risks.
* Backups: Require that you keep multiple locations secure from loss and theft, as well as the vault in transit.
* Cloud-based services: Require you to trust an external party and sacrifice transparency and freedom.
* Defensive destruction: Has reliability issues and, again, risks total identity loss.

Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues.

Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes.

Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and, upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with HMAC-SHA256 and salting to prevent all known attack vectors.
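The following sketch is an added illustration of the stateless scheme described above, not Master Password's own code, and it will not reproduce passwords generated by the real application. The scope label, the scrypt cost parameters, the length-prefixed field encoding and the output alphabet are all assumptions made for this example; the page names only the primitives (scrypt, HMAC-SHA256, salting) and the inputs (master password, full name, site name).

```python
import hashlib
import hmac
import struct

# Assumed values for this sketch; the page does not state any of them.
SCOPE = b"example.stateless-password"      # hypothetical domain-separation label
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1  # assumed scrypt cost parameters
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"


def _field(text):
    """Length-prefix a field so ("ab", "c") and ("a", "bc") cannot collide."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw


def master_key(full_name, master_password):
    """Slow step: scrypt over the master password, salted with the full name.

    The per-user salt means two users with the same master password get
    different keys, and the scrypt cost slows offline guessing.
    """
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=SCOPE + _field(full_name),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=64,
    )


def site_password(key, site_name, length=16):
    """Fast step: HMAC-SHA256 keyed by the master key over the site name."""
    if not 1 <= length <= hashlib.sha256().digest_size:
        raise ValueError("length must be between 1 and 32")
    seed = hmac.new(key, SCOPE + _field(site_name), hashlib.sha256).digest()
    # Map seed bytes to characters. The modulo is slightly biased because 256
    # is not a multiple of the alphabet size; accepted here for brevity.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in seed[:length])


if __name__ == "__main__":
    # Constructed sample inputs. Nothing is stored: the same inputs always
    # yield the same password, so it can be recomputed on any device.
    key = master_key("Jane Example", "correct horse battery staple")
    for site in ("example.com", "example.org"):
        print(site, site_password(key, site))
```

Because every site password is a deterministic function of the master password, compromise of that one secret (or a weak choice of it) exposes all derived passwords, which is why the slow, salted scrypt step sits in front of the fast HMAC step.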


Leaders and contributors

Maarten Billemont Author

Resources and communication

Audience | Resource type | URI
Bug Tracking
VCS Repository Webview

Software prerequisites

* Source requirement: Xcode (for iOS / OS X code)
* Required to use: Web browser with JavaScript
* Source requirement: Java 1.7 (for Java / Android)
* Required to use: iOS device
* Required to use: OS X
* Required to use: Java runtime
* Required to use: C99 compiler



Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.