Comment Re:Difficult? (Score 1) 152
If only the passwords (& not usernames or URLs or whatnot) are encrypted & no checksum or other verification is used, then entering the wrong master password could very well cause it to decrypt to completely useless but structurally valid passwords.
Of course, care would need to be taken to ensure the result is always valid...probably have a "password format" field that indicates what format the password is allowed to have (at least 1 of each of these types of character, at least 8 characters & no more than 16, that sort of thing), then do a "base conversion" of sorts so that valid passwords map to consecutive integers. The only remaining problem is if the format does not pack nicely into an integral number of bits, since then you might get out-of-range values with certain choices for the master password, but this can either be ignored (you rule some fraction of the master passwords out but still have to do a lot of searching) or handled by randomly (not necessarily uniformly...) choosing any value that is equivalent modulo the number of passwords allowed by the format.
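A sketch of the scheme described in this comment, added here as an example and not part of the original post. It assumes a simplified format (letters and digits, 8 to 16 characters, without the "at least one of each type" rule), a PBKDF2-derived keystream XORed over the stored value as the cipher, and hypothetical function names throughout.

```python
import hashlib, secrets, string

ALPHABET = string.ascii_letters + string.digits   # assumed format: 62 symbols
MIN_LEN, MAX_LEN = 8, 16                          # length bounds from the comment
BASE = len(ALPHABET)
# Count of valid passwords; shorter lengths get the lower indices.
N = sum(BASE ** n for n in range(MIN_LEN, MAX_LEN + 1))
WIDTH = (N.bit_length() + 7) // 8                 # bytes needed to hold any index

def rank(pw):
    """'Base conversion': map a valid password to its index in [0, N)."""
    if not (MIN_LEN <= len(pw) <= MAX_LEN) or any(c not in ALPHABET for c in pw):
        raise ValueError("password does not match the format")
    value = 0
    for c in pw:
        value = value * BASE + ALPHABET.index(c)
    return sum(BASE ** n for n in range(MIN_LEN, len(pw))) + value

def unrank(idx):
    """Inverse of rank(): index in [0, N) back to a password."""
    for n in range(MIN_LEN, MAX_LEN + 1):
        if idx < BASE ** n:
            chars = []
            for _ in range(n):
                idx, d = divmod(idx, BASE)
                chars.append(ALPHABET[d])
            return "".join(reversed(chars))
        idx -= BASE ** n
    raise ValueError("index out of range")

def keystream(master, salt):
    # KDF and iteration count are assumptions made for this example.
    ks = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000, dklen=WIDTH)
    return int.from_bytes(ks, "big")

def encrypt(pw, master):
    salt = secrets.token_bytes(16)
    r = rank(pw)
    # N does not fill WIDTH bytes exactly, so store a random value that is
    # congruent to r modulo N (not uniform over the byte range, as noted).
    k_max = ((1 << (8 * WIDTH)) - 1 - r) // N
    v = r + N * secrets.randbelow(k_max + 1)
    return salt, (v ^ keystream(master, salt)).to_bytes(WIDTH, "big")

def decrypt(salt, blob, master):
    # No checksum: every master password yields some in-format password.
    v = int.from_bytes(blob, "big") ^ keystream(master, salt)
    return unrank(v % N)
```

Because the byte range is not a multiple of `N`, decryptions under wrong master passwords are slightly biased toward low indices; a wider stored value reduces that bias.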