Closed djrieger closed 10 years ago
I thought about this before releasing the app. In my opinion it is another layer of security since there is no hash of the master password stored that could be attacked. When an attacker gains access to the site data, he has to brute-force it by repeatedly logging in to one site. If the password hash is stored, an attacker can directly attack the hash.
But I will perhaps implement it as an optional feature in the future.
I don't really consider a hash a security risk since it should not be feasible to deduce a decent (master) password from such a hash. But I would love to have this option as a feature I can enable in settings, e.g.
The Mac app from masterpasswordapp.com provides a feature I am missing in this Android app: When you enter your name and master password for the first time, it stores a hash of the data you entered. This way your master password remains secure and is not stored, but if you enter your master password again with a typo, the app tells you that you entered an incorrect password:
On the small screens of phones, typos are even more common than on desktop PCs, and in its current version the Android app derives passwords even if I entered my master password incorrectly, resulting in a bunch of wrong passwords.
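The typo check requested above, as an added sketch that is not code from either app: a salted scrypt check value is stored on first entry and compared on later entries. It goes beyond the thread with an optional `bits` parameter that truncates the stored value, so typos are still caught with high probability while an offline guesser is left with many false matches. The function names, record layout and scrypt parameters are assumptions.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this sketch; tune them for the target device.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def _check_value(name, master_password, salt, bits):
    # Domain-separated label: the stored value is unrelated to any key
    # used to derive site passwords.
    msg = b"typo-check\x00" + name.encode() + b"\x00" + master_password.encode()
    digest = bytearray(hashlib.scrypt(msg, salt=salt, **SCRYPT))
    out = digest[:(bits + 7) // 8]
    if bits % 8:
        out[-1] &= (0xFF << (8 - bits % 8)) & 0xFF  # zero the unused low bits
    return bytes(out)


def enroll(name, master_password, bits=256):
    """First entry: store salt and check value, never the password itself."""
    if not 1 <= bits <= 256:
        raise ValueError("bits must be between 1 and 256")
    salt = os.urandom(16)
    return {"salt": salt, "bits": bits,
            "check": _check_value(name, master_password, salt, bits)}


def verify(record, name, master_password):
    """Later entries: True if the input matches what was enrolled."""
    candidate = _check_value(name, master_password,
                             record["salt"], record["bits"])
    return hmac.compare_digest(candidate, record["check"])


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    full = enroll("Jane Doe", "correct horse battery staple")
    print(verify(full, "Jane Doe", "correct horse battery staple"))
    print(verify(full, "Jane Doe", "correct horse batery staple"))
    # 12-bit check: a wrong entry slips through about once in 4096 tries.
    short = enroll("Jane Doe", "correct horse battery staple", bits=12)
    print(len(short["check"]), verify(short, "Jane Doe",
                                      "correct horse battery staple"))
```

With the full 256-bit value, the stored record is a target for offline guessing at scrypt cost per guess; with a short value, a match no longer proves that a guess is correct.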