Especially a fast hash function like SHA256 instead of a purposefully slow key derivation function like Argon2 or PBKDF means that your master passphrase better be really good - so it would be advisable to use a randomly generated cryptographic key instead of a human-generated password*. which site is was used for), an attacker can start trying to crack the master passphrase by brute-force. Compare a classical, disk-based password manager: Here, an attacker would need access to the file as well as to the master passphrase.Īlso, with just access to a single password (as well its seed, i.e. Possibility of master passphrase compromise: If your master secret is ever compromised, all your passwords are now immediately compromised.
While the idea does generally does work, this blog post names some rather big practical disadvantages, two of which I'll summarize: Password managers with similar schemes do exist, and are called "deterministic password managers".
0 kommentar(er)
