This section provides technical details for review that confirm the claimed security of password storage.
First, let's make sure that neither the master password nor the passwords themselves are transmitted to the server in unencrypted form.
Creating a category with a master password
Try to create a new category and specify the master password. In the network, we see the save request and make sure that the master password is not sent to the server: the parameter encrypted_sample_password is not the encrypted master password, as it may seem, but a validation text, encrypted using your master password as a key.
This pattern will be used to validate the correctness of the entered master password in the future. That is, it is not the master password and you cannot get it back from here:
Saving the password
Try to create a new password, enter the data and save it. In the network we see that the password is not sent to the server in unencrypted form (it is encrypted by your master password):
Mechanics of operation
When creating a category, you set a master password, which is used as the encryption key for the verification text.
When you save the next password before sending it to the server, it is encrypted using your master password.
When checking the master password that you entered, the system tries to re-encrypt the check text and compares it with the one that came from the server. And if the result is the same, the system lets you go on.