Personal Secret Handling
A Personal Secret is what makes your passwords yours. Without it, nobody can generate your passwords, and because of this it is treated specially:
- Personal Secrets are not permanently stored.
- When provided by you, your Personal Secret is immediately Encrypted and stored temporarily in memory. Encryption is performed as specified above with the exception that 300,000 PBKDF2 iterations are used (to reduce delay on slower devices due to frequent access).
- Personal Secrets remain in memory only while Passify or its AutoFill extension is running (foreground or background) and only for a period of approximately 15 minutes.
- Personal Secrets are only briefly decrypted during password generation.
- Because Personal Secrets are not permanently stored, Passify must periodically ask you to provide it again.
- You can force a Personal Secret to be immediately cleared from memory at any time by tapping the lock icon in the upper-right corner of the screen or shaking the device.
Personal Secrets must match each time to get the same passwords. To help ensure you're using the same Personal Secret and not making typographic errors, Passify employs a secure technique for comparing against the previously entered Personal Secret. This comparison is performed without the need to store or decrypt your Personal Secrets. When you enter a Personal Secret:
- Passify combines your Personal Secret with a cryptographically generated random Salt value.
- The combined Secret and Salt are SHA512 hashed through 50,000 iterations. This is a one-way hash that cannot be reversed to discover the original values.
- Passify stores the new hash in OS-managed secure storage.
- Passify compares the hash with the previous hash, if available. If the hashes match, Passify knows the same Personal Secret was used both times without needing to know or store the Personal Secret.
Passify will notify you of a Personal Secret mismatch only a few times. After a few failed attempts, Passify will forcibly forget any previous hashes so that the mechanism cannot be used to guess your Personal Secret through trial-and-error.
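The comparison steps and the mismatch limit described above, as an added Python sketch; this is not Passify's own code. The exact hash construction (SHA-512 over salt plus secret, then re-hashing the digest), reusing the stored salt for later entries, keeping the reference hash after a mismatch, the limit of 3, and the `SecretChecker` class standing in for OS-managed secure storage are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # iteration count stated on the page
MAX_MISMATCHES = 3    # assumption: the page only says "a few"

def iterated_sha512(secret: str, salt: bytes) -> bytes:
    # Assumed construction: hash salt || secret once, then re-hash the digest.
    digest = hashlib.sha512(salt + secret.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        digest = hashlib.sha512(digest).digest()
    return digest

class SecretChecker:
    """Hypothetical in-memory stand-in for OS-managed secure storage."""

    def __init__(self):
        self.salt = None      # random salt, kept so later entries are comparable
        self.stored = None    # hash of the previously entered secret
        self.mismatches = 0

    def forget(self):
        # Drop everything an attacker could test guesses against.
        self.salt = self.stored = None
        self.mismatches = 0

    def check(self, secret: str) -> str:
        """Return 'first', 'match', 'mismatch' or 'forgotten'."""
        if self.stored is None:
            self.salt = os.urandom(32)   # cryptographically random salt
            self.stored = iterated_sha512(secret, self.salt)
            return "first"
        candidate = iterated_sha512(secret, self.salt)
        # Constant-time comparison; only hashes are ever compared.
        if hmac.compare_digest(candidate, self.stored):
            self.mismatches = 0
            return "match"
        # Assumption: the reference hash is kept on a mismatch so the limit applies.
        self.mismatches += 1
        if self.mismatches >= MAX_MISMATCHES:
            self.forget()
            return "forgotten"
        return "mismatch"
```

Once `check` returns `'forgotten'`, the next entry is treated as a first entry, so repeated guesses have no stored hash to be tested against.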