dkunzler / masterpassword

https://play.google.com/store/apps/details?id=de.devland.masterpassword
GNU General Public License v3.0

Security Concern #22

Closed jpmaga closed 6 years ago

jpmaga commented 6 years ago

Hey man,

First of all, thanks for this lovely implementation of master password for Android. But I am somehow concerned with something that totally undermines the idea of masterpassword itself.

I've come to the conclusion that the app stores your master password somehow, is this correct? I've searched in the application data file, and there is a password hash field. Is this the encrypted master password?

If this is the case I have some ideas on how to counter it. Thanks mate!

EDIT: A fault of mine, I just noticed the option to verify the password at login, not really self-explanatory, but I managed. :)

dkunzler commented 6 years ago

Hi,

In the default configuration nothing is stored about the master password.

You can enable password checking in the settings. Then a hash is stored to check at login if the password was entered correctly.

You can also enable fingerprint. Then the master password itself is stored encrypted in the secure enclave of the device via the Android KeyStore.

In both variants a warning is shown to the user that this decreases security.
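As an added illustration (not the app's own code), this is the shape of a login verifier like the "password checking" option described above: a salted, slow-hashed verifier is written to app data, the password itself is not, but the record still allows offline guessing, which is the reason for the warning. The scrypt parameters, the record layout and the function names are assumptions, not taken from the project.

```python
import base64
import hashlib
import hmac
import os

# Constructed parameters (assumptions, not the app's): a memory-hard KDF so
# that each guess against a leaked verifier costs real CPU time and memory.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
VERIFIER_LEN = 32


def derive_verifier(master_password: str, salt: bytes) -> bytes:
    """Slow-hash the master password under a per-install random salt."""
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=VERIFIER_LEN,
    )


def enroll(master_password: str) -> dict:
    """Record written when password checking is enabled.

    Only salt and verifier are persisted; the master password is not. The
    verifier cannot be reversed, but an attacker who copies this record can
    test candidate passwords offline, so it is a deliberate security trade-off.
    """
    salt = os.urandom(16)
    return {
        "salt": base64.b64encode(salt).decode("ascii"),
        "verifier": base64.b64encode(derive_verifier(master_password, salt)).decode("ascii"),
    }


def check_login(stored: dict, attempt: str) -> bool:
    """Recompute the verifier from the typed password and compare in constant time."""
    salt = base64.b64decode(stored["salt"])
    expected = base64.b64decode(stored["verifier"])
    return hmac.compare_digest(derive_verifier(attempt, salt), expected)


if __name__ == "__main__":
    record = enroll("correct horse battery staple")  # constructed sample password
    print("stored record:", record)
    print("login ok:", check_login(record, "correct horse battery staple"))
    print("typo rejected:", not check_login(record, "correct horse battery stapel"))
```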