How did you get my same password "c1ca8854" generated on your v0.6 instance without knowing the master password??
I left the master password
empty.
I thought given the password, and the website it is impossible to reverseengineer the masterpassword
That's right. It would take many lifetimes to reverse engineer the master password -- assuming you're using one!
Is there a security hole somewhere? Hope not since this is a great piece of software.
Thank you. No, there's no security hole. You really
must use a master password or you'll be susceptible to the very attack that happened here -- I happened to leave the master password field blank/empty, and got the same results as you because all the other settings were the same.
If you select a master password instead of using an empty one, it will take many lifetimes for anyone to reverse engineer your master.
Hope this answers your question -- let me know if you have any others,
Eric