From b490e825f339d09919b1358f91edea33991085a1 Mon Sep 17 00:00:00 2001 From: Chris Oei Date: Sun, 2 Sep 2012 11:26:03 -0700 Subject: [PATCH] Initial commit consists of a README.md and .gitignore --- .gitignore | 1 + README.md | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 .gitignore create mode 100644 README.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1b53ace --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.svn/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..9c5d866 --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +There are a number of password generators such as SuperGenPass, PwdHash, etc. +that generate a site-specific password from a master password and the site's +URL. An attacker who obtains your site-specific password and the site's URL +could attempt to determine your master password by brute-force. Typically, +these password generators work by simply concatenating your master password +with the site's URL and computing a cryptographic (SHA1 or MD5) hash. These +hashes were designed such that they could be calculated very quickly, which +the opposite of what we want. A more secure method would be to use PBKDF2 or +bcrypt or Colin Percival's new scrypt algorithm, which would make a brute-force +attack many orders of magnitude more difficult. + +This project uses Colin Percival's scrypt as a password generator. + +For more details of how scrypt works, see + + http://www.tarsnap.com/scrypt.html
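Review bot: in the .gitignore hunk the single rule `.svn/` only covers Subversion metadata; if this repository is not also checked out under Subversion the rule is dead weight, and nothing yet excludes build outputs or local key material that a scrypt-based generator will produce, so consider adding those patterns before the first code lands.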
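Review bot: the README hunk states the design decision (scrypt as the KDF) but omits the details a user needs to regenerate the same site password elsewhere: the scrypt cost parameters (N, r, p), what is used as salt (presumably the site URL, but the text does not say), the output length, and how the raw scrypt output is encoded into a password; please add a short section covering these. The claim that scrypt makes brute force "many orders of magnitude more difficult" depends entirely on those cost parameters, so it should be stated together with the chosen values. Two text fixes in the same hunk: "which the opposite of what we want" is missing "is", and the sentence saying SuperGenPass, PwdHash and similar tools work "by simply concatenating your master password with the site's URL and computing a cryptographic (SHA1 or MD5) hash" is a strong claim about third-party tools that should be checked against their actual constructions (or softened) before the README asserts it.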