From b2a09da7fdee0562089d9a38bbfa0d667823cfcd Mon Sep 17 00:00:00 2001 From: Romain Edelmann Date: Sat, 26 Apr 2014 09:53:14 +0200 Subject: [PATCH] Included luke-clifton as a contributor. Small clarification for cabal. --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a5abd7e..bccd3b3 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Given the same information, `scat` will always generate the same password, so if you can always retrieve all the passwords generated by `scat`. Passwords generated by `scat` are very secure and independant of each others. If by misfortune one of the generated password is compromised, all other passwords are still safe, and so is the password you used to generate them. -## How to use +## How to use `scat` is a secure password generator. It does not replace your favorite secure key chain, but it should be seen as complementary to it. Use `scat` to generate a different password for each of the service you suscribe to, and use your key chain (such as [pwsafe][pwsafe] for instance) to keep the generated passwords. @@ -41,7 +41,7 @@ Let's say that you now want to generate a Facebook password: ``` > scat -c -S "facebook" -Password: +Password: Confirm: Code: AGDE2-DGXA4-33DLQ-WEDAP-GYPQ9 Generated password: @@ -56,7 +56,7 @@ However, as `scat` is fully deterministic, you can simply call it once more, to ``` > scat -c -S "facebook" -Password: +Password: Confirm: Code: AGDE2-DGXA4-33DLQ-WEDAP-GYPQ9 Generated password: @@ -104,7 +104,7 @@ Now, if you lose access to both your key chain and your code, all your passwords By default, `scat` will generate password of length 18, using a mix of lower case letters, upper case letters, digits and various ascii symbols. This leads to a password entropy of about 115 bits. Meaning that an attacker -knowing which schema you used and able to test a billion password per second would have to wait approximately 50 million times *the age of the universe* to +knowing which schema you used and able to test a billion password per second would have to wait approximately 50 million times *the age of the universe* to guess your password correctly. So it's pretty safe. Now, let's imagine for a second that an attacker gets to know one of your generated password. @@ -120,7 +120,7 @@ which will output 5 words out of the 7776 words of [the Diceware list][diceware] ``` > scat -c -S "facebook" -s diceware -Password: +Password: Confirm: Code: AGDE2-DGXA4-33DLQ-WEDAP-GYPQ9 Generated password: @@ -159,11 +159,11 @@ This integer seed will be consumed by `scat` to generate deterministically a new ## Installing -`scat` is freely available on [Hackage][hackage]. +`scat` is freely available on [Hackage][hackage]. 1. If you do not have Haskell and Cabal installed, please visit [the Haskell website and download the Haskell platform][haskell-platform]. -2. Update the list of cabal packages, by entering `cabal update`. +2. Update the list of cabal packages, by entering `cabal update`. Cabal is part of the Haskell platform. 3. Run the command `cabal install scat`. @@ -184,9 +184,10 @@ If you lack ideas but would like to participate anyway, you can also find here a ### Contributors -Name | Contributions -:-------------- | :--------------------------- -Romain Edelmann | Initial work on the project. +Name | Contributions +:----------------------------- | :--------------------------- +Romain Edelmann | Initial work on the project. +[luke-clifton][luke-clifton] | Fixed the package dependencies. Thanks! [hackage]: http://hackage.haskell.org/package/scat [yubico-key]: http://www.yubico.com/products/yubikey-hardware/ @@ -194,3 +195,4 @@ Romain Edelmann | Initial work on the project. [pwsafe]: http://nsd.dyndns.org/pwsafe/ [diceware]: http://world.std.com/~reinhold/diceware.html [haskell-platform]: http://www.haskell.org/platform/ +[luke-clifton]: https://github.com/luke-clifton