Security of master password in a derived password manager

I am aware of other questions asking similar things as this one, but I believe this design addresses many of the issues raised in those questions. I’m also not concerned with making sure there’s no database to store, only that the database doesn’t store any secrets.

Using some key derivation function KDF
    where KDF requires a secret managed elsewhere
With master password provided from elsewhere
Password requirements are the rules of what are allowed by the site,
    i.e. length, allowed character classes, required classes

# To register with a new site
With username provided from elsewhere
With password requirements provided from elswhere
Create a salt
Store site,password requirements,username,salt
Create key by KDF(salt, master password)
Convert key to generated password to fit password requirements
Give username and generated password to site
Register

# To login to a site
Retrieve password requirements,username,salt by site
Create key by KDF(salt, master password)
Convert key to generated password to fit password requirements
Give username and generated password to site
Login

Let’s say an attacker acquires both the store and the plaintext generated passwords, but not any secret parameters to the KDF.

  1. Does this design make it any easier for the attacker to find the master password than by a brute force attack?
  2. Is a brute force attack on this design easier than a brute force attack on an encrypted password store?
  3. Is this in any other way easier to attack than encrypted password managers that derive the encryption key from a master password?

Of course the list of sites and usernames itself is important information. I’m only wondering about the security of the master password.

Go to Source
Author: JamesH