IPhone App: What means Attacker Budget ?

bernd.lentes's Avatar

bernd.lentes

13 Jul, 2017 05:17 PM

Hi,
I installed Maspertpassword because i like the idea of not storing any hashes of my passwords. I''m using the IPhone App and the Java implementation on several windows pc's. Until now i like it and appreciate the comfort of not remembering my passwords anymore.
But the point "Attacker Budget" in the settings from the IPhone App makes me a bit nervous. The text talks about a "database of SHA-1 hashes" and "breaking your site password". What does that mean ? Are the site passwords stored in hashes on the device, contrary to the principle of Masterpassword ? I would be very disapointed and stop using the app.
Hope for clarification.
Bernd

  1. Support Staff 1 Posted by Maarten Billemo... on 13 Jul, 2017 05:45 PM

    Maarten Billemont's Avatar

    Not at all, Bernd.

    The attacker budget message in the iPhone app is there to give you an estimation of the password's strength.

    The assumption here is that if the website of your account got hacked and a passwords database based on SHA-1 hashes was leaked within the hacker community or publicly; then a person would be able to try and hack your account's password for that site. In this event, it's important that you use complex passwords to protect yourself. Master Password offers several types of passwords, each with varying complexity.

    If the meter says "9 months", and the budget is set to Regular, then an attack of a private individual on your password based on a password database leak of your site would require the individual to run a dedicated exhaustive search with his full hardware capacity on your password, 24/7, for 9 months, before he'd be able to unscrable your password from it.

  2. 2 Posted by bernd.lentes on 13 Jul, 2017 06:01 PM

    bernd.lentes's Avatar

    Good to hear. Thanks.
    Bernd

  3. 3 Posted by Pia on 04 May, 2018 07:37 PM

    Pia's Avatar

    Hi Marteen
    But what is the effect of changing that budget? I expected the passwords would change when increasing it, but they remain.
    Thx, Pia

  4. Support Staff 4 Posted by Maarten Billemo... on 05 May, 2018 11:31 AM

    Maarten Billemont's Avatar

    The budget is there to give you an estimate in how long it will take to break your password off a data leak.

    It doesn't change the password. It changes the estimation of the time it takes to break your password.

    If a person can spend only 5$ / month to break into your account, it will take them longer than someone who can spend 5000$ / month on your account. This is about how much hardware and power costs they can afford. The only change in the app for the budget is the projected time it takes to break your password. If you want a stronger password, you need to change the password's type (eg. change it from long to maximum strength).

  5. Maarten Billemont closed this discussion on 05 May, 2018 11:31 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

 

07 May, 2018 12:35 PM
05 May, 2018 11:31 AM
05 May, 2018 08:13 AM
03 May, 2018 08:32 PM
01 May, 2018 12:43 PM
27 Apr, 2018 07:05 PM