xkcd-passphrase
Overview
A passphrase generator inspired by xkcd #936, designed to provide a high level of security and memorability. By default, passwords are generated with strength equivalent to a random 128-bit key.
Usage caveats:
-
If end consumers of these generated passphrases are given the ability to easily regenerate and cycle through them until they find ones they like, the level of security provided drops substantially.
-
While the architecture has been vetted by Cure53, the code itself has not yet been audited. Use at your own risk.
Example Usage
import {xkcdPassphrase} from 'xkcd-passphrase';
console.log(await xkcdPassphrase.generate());
/* collision pest numerous baboon tarnish aimee airgas swivel navigate */
console.log(await xkcdPassphrase.generate(256));
/*
* provolone email darkish symptom unending bridges bianca carport culminate vacancy
* rehydrate disjoin rotten cornball mousiness cephalon appear buddhism vanity
*/
console.log(await xkcdPassphrase.generate(512));
/*
* minneapolis detonate headsman jacob lumber custodian glimmer silt lipton carded
* avalanche shady launder issueless freebee maude unedited spearhead nickname fleshed
* dissuade rudolph spouse lupe babolat severity chapman liquefy skunk humongous chatroom
* eatable kay cypress olson found emergency tree
*/
console.log(await xkcdPassphrase.generate(32, [
'my',
'awful',
'custom',
'word',
'list',
'that',
'I',
'created',
'while',
'drunk'
]));
/* that awful that custom list word list that custom custom */
console.log(await xkcdPassphrase.generateWithWordCount(4));
/* oscar jury email tugboat */
Changelog
Breaking changes in major versions:
3.0.0:
- As part of upgrading from asm.js to WebAssembly (with asm.js included as a fallback), the API is fully asynchronous.
2.0.0:
- Module bundling support.