Wipe masterPassword on authentication & misc improvements.

core/java/model/src/main/java/com/lyndir/masterpassword/model/MPUser.java

@@ -57,6 +57,7 @@ public interface MPUser<S extends MPSite<?>> extends Comparable<MPUser<?>> {
      * Note: If a keyID is not set, authentication will always succeed and the keyID will be set to match the given master password.
      *
      * @param masterPassword The password to authenticate with.
+     *                       You cannot re-use this array after passing it in, authentication will destroy its contents.
      *
      * @throws MPIncorrectMasterPasswordException If authentication fails due to the given master password not matching the user's keyID.
      */

core/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPBasicSite.java

@@ -123,7 +123,7 @@ public abstract class MPBasicSite<Q extends MPQuestion> implements MPSite<Q> {
     }
 
     protected String getState(final MPKeyPurpose keyPurpose, @Nullable final String keyContext,
-                              @Nullable final UnsignedInteger counter, final MPResultType type, @Nullable final String state)
+                              @Nullable final UnsignedInteger counter, final MPResultType type, final String state)
             throws MPKeyUnavailableException {
 
         return getUser().getMasterKey().siteState(