There are a number of password generators, such as SuperGenPass and PwdHash, that generate a site-specific password from a master password and the site's URL. An attacker who obtains your site-specific password and the site's URL could attempt to determine your master password by brute force. Typically, these password generators work by simply concatenating your master password with the site's URL and computing a cryptographic hash (SHA1 or MD5). These hashes were designed to be calculated very quickly, which is the opposite of what we want. A more secure method would be to use PBKDF2, bcrypt, or Colin Percival's new scrypt algorithm, which would make a brute-force attack many orders of magnitude more difficult.
This project uses Colin Percival's scrypt as a password generator.
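The difference between the two approaches, as an added example that is not this project's code and does not reproduce its output format: it derives a site password with the concatenate-and-hash scheme and with scrypt via Python's `hashlib.scrypt`, then measures the per-guess cost ratio. The cost parameters, the use of the site as salt, the base64 encoding, and all function names are assumptions.

```python
import base64
import hashlib
import time

# Assumed cost parameters (not taken from the project): N=2**14, r=8, p=1
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def _encode(digest: bytes, length: int) -> str:
    """Map raw digest bytes to a printable password of the requested length."""
    return base64.b64encode(digest).decode("ascii")[:length]


def fast_hash_password(master: str, site: str, length: int = 16) -> str:
    """The concatenate-and-hash scheme the text describes: SHA1(master + site)."""
    digest = hashlib.sha1((master + site).encode("utf-8")).digest()
    return _encode(digest, length)


def scrypt_password(master: str, site: str, length: int = 16) -> str:
    """Same inputs, but derived with scrypt, using the site as the salt (assumption)."""
    digest = hashlib.scrypt(
        master.encode("utf-8"),
        salt=site.encode("utf-8"),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,  # headroom above the ~16 MiB these parameters need
        dklen=32,
    )
    return _encode(digest, length)


def cost_ratio(master: str, site: str, rounds: int = 3) -> float:
    """How many times slower one scrypt derivation is than one SHA1 derivation."""
    def best(fn):
        times = []
        for _ in range(rounds):
            start = time.perf_counter()
            fn(master, site)
            times.append(time.perf_counter() - start)
        return max(min(times), 1e-9)  # guard against a zero reading
    return best(scrypt_password) / best(fast_hash_password)


if __name__ == "__main__":
    master, site = "constructed-master-password", "example.com"  # constructed inputs
    print("sha1  :", fast_hash_password(master, site))
    print("scrypt:", scrypt_password(master, site))
    print("scrypt is ~%.0fx slower per guess" % cost_ratio(master, site))
```

Every guess at the master password costs the attacker one full derivation, so the ratio printed at the end is the factor by which a brute-force search slows down under these assumed parameters.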
For more details of how scrypt works, see