Please clarify the risks of PIN-only unlock use

OK, but retrieve it from where? Based on the information provided by @RobertT in this thread, the encrypted master key is likely stored in one of the values “keyHash”, “encKey”, or “encPrivateKey” that are saved in the data.json file.

The questions remain – how well is the hashed master key encrypted, if it can be used to retrieve the master key using a PIN, and how well is the local vault itself encrypted (compared to the AES-256 encryption and 200,001-iteration PBKDF2 stretching that is used for cloud storage of the vault)?
