I commented about LessPass, and I think it applies here too. In summary, you still need to run MasterPass to retrieve their passwords, not here.

Security-wise, my construction might be slightly less secure, but you can recover the same level of security with a slightly longer passphrase (and, unless I misread their code, they also use a deterministic salt in scrypt, which is a debatable choice).

As I said about LessPass, it would be great to hear from the author(s) what they think.


Forging the Everdragons2 NFT. Former security at Pinterest.

Emanuele Cesena
