I've just commited to my branch a working version of my password
Basically, there's a new service and implementation in these packages:
also storePassword and loadPassword methods in:
I introduced a new config property to store the encrypted passwords:
accountPrefix + ENCRYPTED_PASSWORD
The password loading method can detect if a non-encrypted property
accountPrefix + PASSWORD exists, encrypt and erase it.
Also In the code I made an assumption that if there is no
set, then that means we are using null as a master password (actually
null cannot be used for encryption, so I substitute it later with a
hardcoded value). Also when master is null, it means the user is
unaware of the master password and is never presented with a prompt to
When MASTER property is set then it's value is a string that
represents the encrypted master itself. This way I can check if the
master input from the user was correct or not. The master is asked
only once (well, until it is correct) for all accounts.
I don't really like the idea of using this MASTER property, but I
haven't come up with a better way to do this. Also, more testing is
Any suggestions and comments are welcome.