Have opinions about JavaScript? We want to hear them. Take the 2018 JavaScript Ecosystem Survey »

javascript-strong-password-generator

1.0.2 • Public • Published

javascript-strong-password-generator

JavaScript Strong Password Generator: based on Jeff Atwood's Post "Password Rules Are Bullshit".

You can view a working demo at https://www.sethserver.com/strong-random-password-generator.html

Currently uses six unicode blocks, and I don't see why we can't use them all; this just makes the best looking passwords.

Installation

npm i javascript-strong-password-generator

Basic Usage

This is a quick out-of-the-box usage example. This is not how you'd use it in production if you want it to be secure, but it will give you a decent random unicode password.

const jsspg = require('javascript-strong-password-generator');
 
jsspg.init();
const newPassword = jsspg.generate();
 
console.log(newPassword);

Command-line Usage

JSSPG includes a simple command-line app that will generate a single random password seeded by your local environment.

$ js-spg
ƗÇŒk😪Ư2ëjOåęğ⚎Ŭ☦Ƙ🙅ēňxę😣☨😺Ú

Advanced Usage

To reduce predictability add entropy from dynamic sytem state inforation such as CPU usage, number of active processes, availalbe ram and disk io.

const jsspg = require('javascript-strong-password-generator');
const si = require('systeminformation');
const sha512 = require('js-sha512');
 
let entropyval;
 
function entropyAccumFunction() {
  return new Promise(async (resolve) => {
    const cpuSpeed = await si.cpu();
    const processes = await si.processes();
    const disksIO = await si.disksIO();
    const memory = await si.mem();
 
    entropyval = sha512(`${JSON.stringify(cpuSpeed)}:${JSON.stringify(processes)}:${JSON.stringify(disksIO)}:${JSON.stringify(memory)}`);
 
    resolve();
  });
}
 
function entropyFunction() {
  return entropyval;
}
 
async function run() {
  await entropyAccumFunction();
 
  jsspg.init({
    timeBasedEntropy: false,
    entropyFxn: entropyFunction,
  });
 
  process.stdout.write(`${jsspg.generate()}\n`);
}
 
run();

Building for Browsers

This will generate a ./build/jsspg.min.js file for use in a web browser.

$ npm run webpack

Basic Browser Usage

<script src="js/jsspg.min.js"></script>
<script>
(function () {
  jsspg.init();
 
  var newPassword = jsspg.generate()
  alert(newPassword);
})();
</script>

Core Concept

Just read "Password Rules Are Bullshit".

API

jsspg.init(options)

Options [{ k: v }]

  • entropyFxn [function fxn()]: Custom entropy function. Must return an Array or string of length fortuna.entropySz (128 by default)
  • timeBasedEntropy [bool]: Detaches the reseeding of the algorithm from the call to random().
  • accumulateTimeout [int]: The amount of time in milliseconds between each timeBasedEntropy call. Requires timeBasedEntropy to be true.

jsspg.generate(passwordLength)

Generates a random Unicode password of length passwordLength (length is Unicode characters, not bytes).

install

npm i javascript-strong-password-generator

Downloadsweekly downloads

10

version

1.0.2

license

Apache 2.0

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability