Things left to do on the paper:

D fix description and depiction of username
D mention that we plan to post for download at passpet.org
D fix spacing before references

D mention entropy estimation in future work
D section on limitations
  D since username@host is used for hashing, cannot switch storage
    servers without changing all passwords (discuss possibility of
    using salt instead, storing salt, etc.)
  D risks of non-SSL password capture
D rework conclusion
- rework abstract
- maybe use only master_username for salt?

Making the implementation catch up:

D rehash if number, uppercase, lowercase not all present
- make entropy estimation handle Unicode
D autofill username