No, no, not a thousand times.
If you are allowed to watch the GPLv2 code, see the KeePass source code.
The master password turns into a key (password-based output), and this key is used to encrypt and decrypt individual pieces of data (individual passwords).
Therefore, the process is similar to this: 1. Disable any kind of swap disk that you can disable. Ask the user for the wizard password.
Turn the master password into the main encryption key with only memory using something like PBKDF2 (HMAC-SHA-256, master password, stored random salt *, 2,000,000, 256). PBKDF2 is also known as RFC2898 and PKCS # 5. HMAC-SHA-256 is a hash function. The main password is what the user entered - it is never saved in any form at all! A stored random salt is a 64-bit or greater cryptographically random value generated with each new master password and is saved instead of saving any form of the master password. 2000000 - this is the number of times we are going to start the HMAC, which is stored and must be selected by the user - it should be as long as you can wait (KeePass has a function to compare them and see how long it takes 1 second - I recommend increasing this to 4 or 5 seconds). 256 is the number of bits of the required output - in this case, I assume that you are going to use CAMELLIA-256 or AES-256 to encrypt your passwords (just indicate how many bits your encryption function uses for the key), Yes, you can use scrypt or bcrypt .
Check that the master password is correct: if we go to the existing database with the existing master password, use this key only to store data in order to decrypt some fixed data, for example, the "default" password. If the value decrypts the value you expect, the entered master password was correct; if not, the master password was incorrect and / or the database is corrupted. If we start a new database or change the master password, encrypt this password by default and save the encrypted value.
Use the master encryption key to decrypt URLs, usernames, notes, and other data without a password.
Use the master encryption key to decrypt existing passwords only at the user's request (but only the exact password that the user requested), and then overwrite the data with random garbage as soon as it is done with it or the timer ends. Encrypt new passwords using the master encryption key.
As soon as the user runs or ends the timer, overwrite all the variables (in particular, the main encryption key only in memory) with random garbage.
Note that you save:
- Number of iterations
- salt
- The encrypted "fixed" password is used solely to verify that the master password is correct.
- Encrypted username, URL, notes, etc.
- Encrypted passwords for individual sites
You never store a master password or a hash. You never compare the master password, its hash, or even the generated master encryption key for anything else. You only ever make a master password and turn it into a master encryption key, and then use this key to encrypt or decrypt data known from the data (“fixed” password), you can see if this key gave the expected results. Unknown data (everything that the user enters and cares) is also encrypted or decrypted when you know that the main password is correct.
Master Password never stored
source share