Initial commit consists of a README.md and .gitignore
This commit is contained in:
Chris Oei
commit
b490e825f3
2 changed files with 17 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
.svn/
|
||||
16
README.md
Normal file
16
README.md
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
There are a number of password generators such as SuperGenPass, PwdHash, etc.
|
||||
that generate a site-specific password from a master password and the site's
|
||||
URL. An attacker who obtains your site-specific password and the site's URL
|
||||
could attempt to determine your master password by brute-force. Typically,
|
||||
these password generators work by simply concatenating your master password
|
||||
with the site's URL and computing a cryptographic (SHA1 or MD5) hash. These
|
||||
hashes were designed such that they could be calculated very quickly, which
|
||||
the opposite of what we want. A more secure method would be to use PBKDF2 or
|
||||
bcrypt or Colin Percival's new scrypt algorithm, which would make a brute-force
|
||||
attack many orders of magnitude more difficult.
|
||||
|
||||
This project uses Colin Percival's scrypt as a password generator.
|
||||
|
||||
For more details of how scrypt works, see
|
||||
|
||||
http://www.tarsnap.com/scrypt.html
|
||||
Reference in a new issue