js/scrypt-genpass
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
This repository has been archived on 2025-06-24. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
49 commits 2 branches 0 tags 172 KiB
Find a file
Jonathan Schleifer 9e363e9311 Make repeating password optional with -r 
This is useful when creating a new password, but annoying when just
using it to calculate the password to log in.
2014-09-22 21:00:50 +02:00
config.aux Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
lib Add verbose mode 2014-09-18 14:02:24 +02:00
test test/test.bash: Use new -v option 2014-09-20 00:31:34 +02:00
.gitignore Remove unused encryption/decryption routines from genpass 2012-09-02 19:01:02 -07:00
config.h.in Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
configure Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
FORMAT Fixed comment in FORMAT file 2012-09-02 20:56:42 -07:00
main.c Make repeating password optional with -r 2014-09-22 21:00:50 +02:00
Makefile.in Report commit hash in usage message 2012-09-08 13:12:32 -07:00
README.md Tweaked README.md 2012-09-04 08:26:15 -07:00
scrypt.1 Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00
scrypt_platform.h Import scrypt-1.1.6.tgz with SHA-256 2012-09-02 11:29:39 -07:00

README.md

There are a number of password generators such as SuperGenPass, PwdHash, etc. that generate a site-specific password from a master password and the site's URL. An attacker who obtains your site-specific
password and the site's URL could attempt to determine your master password by brute-force. Typically, these password generators work by combining your master password with the site's URL and computing a cryptographic (SHA1 or MD5) hash (perhaps using HMAC). These hashes were designed such that they could be calculated very quickly, which the opposite of what we want. A more secure method would be to use PBKDF2 or bcrypt or Colin Percival's new scrypt algorithm, which would make a brute-force attack many orders of magnitude more difficult.

This project uses Colin Percival's scrypt as a password generator.

For documentation on how to use it, see

https://github.com/chrisoei/scrypt-genpass/wiki

For more details of how scrypt works, see

http://www.tarsnap.com/scrypt.html