Author Topic: Master Password Change  (Read 2050 times)

esallc
« on: April 06, 2010, 07:05:19 PM »
I have been using PWM for a long time now and felt it was time to change the Master Password. While checking this forum, I found some links about this topic but no clear answer. I understand the basic issue here is that if the password transforms are done in memory, there is no possibility of change, i.e. you cannot keep the function f the same and guarantee f(x) will generate the same result for multiple x. However, you can introduce an intermediate transform to maintain the old result: f(g(x)). To elaborate, here is a scenario:

a. My current MPw ('mpw1') works from memory using the account specific settings for stored entries and default settings for all others.
b. By starting the 'change the master password' process, the old MPw hash value will be stored in the rdf file using the new MPw ('mpw2') using the default settings.
c. If the password generation process checks for this entry every time before coming up with site passwords, it will continue to use the old MPw ('mpw1') as the effective MPw, but the user will be able to change the master password as many times as they want without affecting the current user settings.

A side effect (bad/good?) will be that if the rdf file is copied/restored, the user will need to remember the MPw that goes with it. Also, the impact of default settings changes will need to be considered, or the logic can use a predefined scheme to generate the value to be stored in the rdf file. From a security perspective, the stored value should be as secure as the level of security provided by the current MPW + hashing algorithms; in other words, 'mpw1' cannot be derived easily from the data in the file without knowing 'mpw2'.

Since I have not gone through all past discussions, this may have been thrashed out before. But putting it on the table anyway.

Thx.
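
A sketch of the f(g(x)) scheme proposed in the post above, added here as an illustration; it is not part of the original post and not PasswordMaker code. All function names, the record layout, the PBKDF2 work factor and the `site_password` placeholder for f are assumptions, and the HMAC counter-mode keystream is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware

def _keys(typed_mpw: str, salt: bytes):
    """Stretch the typed master password, then split into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", typed_mpw.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stdlib stand-in for a real cipher)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap(effective_mpw: str, typed_mpw: str) -> dict:
    """Record for the settings file: the effective secret encrypted under the typed password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(typed_mpw, salt)
    pt = effective_mpw.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap(record: dict, typed_mpw: str) -> str:
    """g(x): recover the effective secret, rejecting a wrong password or edited record."""
    enc_key, mac_key = _keys(typed_mpw, record["salt"])
    msg = record["salt"] + record["nonce"] + record["ct"]
    if not hmac.compare_digest(hmac.new(mac_key, msg, hashlib.sha256).digest(), record["tag"]):
        raise ValueError("wrong master password or corrupted record")
    ks = _keystream(enc_key, record["nonce"], len(record["ct"]))
    return bytes(a ^ b for a, b in zip(record["ct"], ks)).decode()

def change_master_password(record: dict, old_typed: str, new_typed: str) -> dict:
    """Re-wrap the same effective secret under a new typed password."""
    return wrap(unwrap(record, old_typed), new_typed)

def site_password(effective_mpw: str, site: str, length: int = 12) -> str:
    """Placeholder for f; NOT PasswordMaker's real generation algorithm."""
    return hmac.new(effective_mpw.encode(), site.encode(), hashlib.sha256).hexdigest()[:length]

if __name__ == "__main__":
    record = wrap("mpw1", "mpw2")                            # step b (constructed passwords)
    record = change_master_password(record, "mpw2", "mpw3")  # a later change
    print(site_password(unwrap(record, "mpw3"), "example.com"))  # step c
```

Anyone holding a copy of the file can test guesses of the typed password offline against the tag, so the stored record is only as strong as the typed password and the stretching cost.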

PasswordMaker Forums
