js/scrypt-genpass
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
This repository has been archived on 2025-06-24. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
34 commits 2 branches 0 tags 172 KiB
Find a file
Chris Oei 4ae843f18e Erase memory that might contain sensitive info
2012-09-03 16:44:24 -07:00
config.aux Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
lib Add simple algorithm for converting result hash to password 2012-09-03 13:55:29 -07:00
test Add simple algorithm for converting result hash to password 2012-09-03 13:55:29 -07:00
.gitignore Remove unused encryption/decryption routines from genpass 2012-09-02 19:01:02 -07:00
config.h.in Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
configure Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
FORMAT Fixed comment in FORMAT file 2012-09-02 20:56:42 -07:00
main.c Erase memory that might contain sensitive info 2012-09-03 16:44:24 -07:00
Makefile.in Add simple algorithm for converting result hash to password 2012-09-03 13:55:29 -07:00
README.md Updated README.md to mention the GitHub wiki page 2012-09-03 15:23:16 -07:00
scrypt.1 Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
scrypt_platform.h Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00

README.md

There are a number of password generators such as SuperGenPass, PwdHash, etc. that generate a site-specific password from a master password and the site's URL. An attacker who obtains your site-specific password and the site's URL could attempt to determine your master password by brute-force. Typically, these password generators work by simply concatenating your master password with the site's URL and computing a cryptographic (SHA1 or MD5) hash. These hashes were designed such that they could be calculated very quickly, which the opposite of what we want. A more secure method would be to use PBKDF2 or bcrypt or Colin Percival's new scrypt algorithm, which would make a brute-force attack many orders of magnitude more difficult.

This project uses Colin Percival's scrypt as a password generator.

For documentation on how to use it, see

https://github.com/chrisoei/scrypt-genpass/wiki

For more details of how scrypt works, see

http://www.tarsnap.com/scrypt.html