[ELI5] Why are online “password lockers” considered secure?

It seems to me (hence this question) that storing all your passwords online and accessing them with a single “unlock” password would be extremely dangerous. If the locker service is itself hacked, then the hackers will have ALL your passwords for the price of getting one password.

15 Answers

Anonymous

To put it in ELI5 terms: Imagine I tell you to think of a number but not tell me. Let’s say you pick 25. That is now your key (master password) and only you know it. When you need to give me a password to store, you first multiply the password by your master key and give me the end result.

Let’s say you want to store the password “1234”. You would take 1234 and multiply it by the master key you chose (25) and get the result: 30,850. I will now store “30,850” on my server as the password. Any time you need to access that password, I will send you 30,850. Since you know your master key is 25, you do 30,850 ÷ 25 and presto: you now see the password is 1234.

If a hacker were to break into my system and read your password, they would see the encrypted password 30,850. The only way for them to figure out the real password would be to know what your master key is.

Of course real encryption uses infinitely more math and added complications like hashing and salting, but that’s the incredibly dumbed down version of the system, enough that a kid could get it.