tag:help.masterpassword.app,2014-09-03:/help/discussions/suggestions/32-add-option-to-store-no-hashes-on-java-desktop-appMaster Password: Discussion 2015-01-02T15:40:20Ztag:help.masterpassword.app,2014-09-03:Comment/356740932015-01-02T00:00:13Z2015-01-02T00:00:13ZAdd Option to store no hashes on Java-Desktop-App <div><p>Hey Cliff,</p>
<p>Two things:</p>
<ol>
<li>
<p>The hash is currently a SHA 256 of a 64-byte key, which means
there are
6277101735386680763835789423207666416102355444464034512896
permutations to test. Even at a hypothetical speed of 5 billion USD
worth of GPUs combined and devoted 100% to breaking your hash at a
rate of 35,642,857,142,857,142 guesses per second, it would still
take about 5725625218879999687704801695498240 years to search the
space. This is unlikely to be the weakest link into your
accounts.</p>
</li>
<li>
<p>This option does already exist. Tick the "incognito" box on the
bottom of the login frame.</p>
</li>
</ol>
<p>Cheers and let me know if you have any further thoughts,<br>
Maarten.</p></div>Maarten Billemonttag:help.masterpassword.app,2014-09-03:Comment/356740932015-01-02T00:47:41Z2015-01-02T00:47:41ZAdd Option to store no hashes on Java-Desktop-App <div><p>Hi Maarten,<br>
thanks for your quick and clear answer.<br>
One Addition to your second point: I recognized the Incognito-mode,
but then I have no access to my previous sites. I suggested a
interim solution, so I can access also my saved site-configurations
(for useability) without a Key-ID in the .mpsites file.<br>
I agree with you, that isn't the weakest link to my accounts. But,
my suggested option adds a plausible-deniability Feature, or am I
wrong (I wrote that with the commic of your faq-site in my mind ;)
)?<br>
(BTW: I just found a dirty-workaround: To delete the Key-ID line
after every use in the ~/.mpw.d/username.mpsites file)</p>
<p>Thanks again and good evening,<br>
Cliff</p></div>Clifftag:help.masterpassword.app,2014-09-03:Comment/356740932015-01-02T15:40:19Z2015-01-02T15:40:19ZAdd Option to store no hashes on Java-Desktop-App <div><p>Hey Cliff,</p>
<p>That's right, you can remove the KeyID from the mpsites file.
For the moment, the best recommendation I have to implement this
functionality is to fork the repo on github and modify it to not
save the KeyID, by commenting out this line: <a href=
"https://github.com/Lyndir/MasterPassword/blob/master/MasterPassword/Java/masterpassword-gui/src/main/java/com/lyndir/masterpassword/gui/ModelUser.java#L59">
https://github.com/Lyndir/MasterPassword/blob/master/MasterPassword...</a></p>
<p>Since I don't really have any "user preferences" yet, I'm not
yet able to add this. I'll keep it in the back of my mind, though,
for as soon as the Java GUI is expanded with a preferences section
to include this as a user option.</p></div>Maarten Billemont