Initial commit consists of a README.md and .gitignore
commit
b490e825f3
2 changed files with 17 additions and 0 deletions
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
.svn/
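Review bot: the only pattern in the new .gitignore is `.svn/`, and nothing in the commit message explains why a git repository needs to ignore Subversion metadata. If this tree is also kept in an svn working copy, say so in the commit message or the README so the entry is not removed later as dead configuration.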
16
README.md
Normal file
@ -0,0 +1,16 @@
There are a number of password generators such as SuperGenPass, PwdHash, etc.
that generate a site-specific password from a master password and the site's
URL. An attacker who obtains your site-specific password and the site's URL
could attempt to determine your master password by brute-force. Typically,
these password generators work by simply concatenating your master password
with the site's URL and computing a cryptographic (SHA1 or MD5) hash. These
hashes were designed such that they could be calculated very quickly, which
the opposite of what we want. A more secure method would be to use PBKDF2 or
bcrypt or Colin Percival's new scrypt algorithm, which would make a brute-force
attack many orders of magnitude more difficult.
This project uses Colin Percival's scrypt as a password generator.
For more details of how scrypt works, see
http://www.tarsnap.com/scrypt.html
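Review bot: the closing lines of the README say the project uses scrypt as a password generator but never state how the master password and the site's URL map onto scrypt's password and salt inputs, which cost parameters (N, r, p) are used, or how the output is encoded into a site password. Every generated password depends on those choices, so document them here; without them the derivation cannot be reproduced and the "many orders of magnitude" brute-force claim cannot be checked. Two smaller points: the sentence "which the opposite of what we want" is missing "is", and the scrypt reference is given as an http:// link where an https:// one would be preferable.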