This project has moved. For the latest updates, please go here.

Master Password must be stored (Plugin MasterKee)

Aug 13, 2014 at 2:01 PM
Hi,

i installed the MasterKee plugin because i like to test it. After starting it the plugin said it has to store the master password in the Keepass2Android Database. Is this really necessary ? Storing the password, also if it is hased, is a reduction of security. Or am i wrong ?

Bernd
Coordinator
Aug 13, 2014 at 7:00 PM
I understand what you mean and I somewhat agree. But I also strongly believe in the high quality of Keepass 2 encryption, i.e. I believe it's safe to use a .kdbx file. (Otherwise I would need to shutdown Kp2A development and build a new password manager based on MasterPassword algorithm).

I did not want to store the master password, but on my development device (Galaxy Nexus) calculating a password took ~12 seconds which is definitely too slow. That's why I decided to store the hashed master password (which speeds things up significantly).

I might add an option for that in the future because on newer devices this isn't such a problem.