Add abandonment note
This commit is contained in:
parent
9e363e9311
commit
43670ea142
GPG key ID:
C601EE21773E7C8F
30 changed files with 3 additions and 12316 deletions
25
README.md
25
README.md
|
|
@ -1,22 +1,3 @@
|
|||
There are a number of password generators such as SuperGenPass,
|
||||
PwdHash, etc. that generate a site-specific password from a master
|
||||
password and the site's URL. An attacker who obtains your site-specific
|
||||
password and the site's URL could attempt to determine your
|
||||
master password by brute-force. Typically, these password generators
|
||||
work by combining your master password with the site's URL and
|
||||
computing a cryptographic (SHA1 or MD5) hash (perhaps using HMAC).
|
||||
These hashes were designed such that they could be calculated very
|
||||
quickly, which the opposite of what we want. A more secure method
|
||||
would be to use PBKDF2 or bcrypt or Colin Percival's new scrypt
|
||||
algorithm, which would make a brute-force attack many orders of
|
||||
magnitude more difficult.
|
||||
|
||||
This project uses Colin Percival's scrypt as a password generator.
|
||||
|
||||
For documentation on how to use it, see
|
||||
|
||||
https://github.com/chrisoei/scrypt-genpass/wiki
|
||||
|
||||
For more details of how scrypt works, see
|
||||
|
||||
http://www.tarsnap.com/scrypt.html
|
||||
This fork of scrypt-genpass has been abandoned. Instead, a complete rewrite
|
||||
named [CryptoPassphrase](https://fl.nil.im/cryptopassphrase) is being actively
|
||||
maintained. Please use that instead!
|
||||
|
|
|
|||
Reference in a new issue