![]() ![]() ![]() This key would need to be stored somewhere, defeating the whole point of the scheme. Especially a fast hash function like SHA256 instead of a purposefully slow key derivation function like Argon2 or PBKDF means that your master passphrase better be really good - so it would be advisable to use a randomly generated cryptographic key instead of a human-generated password*. which site is was used for), an attacker can start trying to crack the master passphrase by brute-force. Compare a classical, disk-based password manager: Here, an attacker would need access to the file as well as to the master passphrase.Īlso, with just access to a single password (as well its seed, i.e. Possibility of master passphrase compromise: If your master secret is ever compromised, all your passwords are now immediately compromised. While the idea does generally does work, this blog post names some rather big practical disadvantages, two of which I'll summarize: Password managers with similar schemes do exist, and are called "deterministic password managers". ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |