Wait, so if somebody learns my master password somehow, they automatically get access to every website I've registered in, without even needing to steal my database and such? Not sure that's a good idea.
I solved this problem in my deterministic password manager: passwords are generated from a keyfile, which is encrypted with your master password. This means that if someone gains access to your master password, they can't do anything without the keyfile, and likewise if someone gets access to the keyfile without the master password. Also, changing the master password becomes a simple operation (the keyfile is simply re-encrypted, no need to change site passwords). Since passwords are generated deterministically, the keyfile needs to be synced only once to all devices, after that you have syncless operation. https://github.com/baobabKoodaa/baopass
Encryption allows you to change the master password without forcing you to change all site passwords. To illustrate:
Scenario A: keyfile is encrypted with master password, site passwords are generated from plaintext keyfile. If the master password needs to be changed, the keyfile is simply encrypted again. The plaintext keyfile remains the same, which means all generated passwords remain the same. No need to change site passwords.
Scenario B: keyfile is not encrypted, both keyfile and master password are used as inputs to generate passwords. In this scenario, any change to the master password causes all generated passwords to change. This would obviously be undesirable.
The point is to decouple the master password from the generated passwords. The file can contain as much key material as you want, so it's stronger than any password you can remember.
Then I don't understand how you "combine the master key and keyfile data to create your key." How do you change the master password without changing the generated passwords?
