atoponce / webpassgen Goto Github PK
View Code? Open in Web Editor NEWSimple web-based password generator
Home Page: https://atoponce.github.io/webpassgen/
License: GNU Affero General Public License v3.0
Simple web-based password generator
Home Page: https://atoponce.github.io/webpassgen/
License: GNU Affero General Public License v3.0
There are 22 characters of different byte sizes:
At 22 unique whitespace characters, that's log2(22) ~= 4.459 bits per character. That means we should expect these character counts for the following minimum security levels:
I have read your blog post with great interest and have tried the tool.
You might be interested in this blog post
https://el-tramo.be/blog/diceware-nl/
that is describing additional (better?) lists for the Dutch language.
I suspect you will at least take a look and hopefully include this in your valuable tool.
Consider the following passphrase created from the Beale wordlist in the Diceware container:
privy m-16 suit saul fact kicks ooze
When checking the "Hyphenate" box, the passphrase then becomes:
privy-m-16-suit-saul-fact-kicks-ooze
If un-checking the "Hyphenate" box, the hyphen in the "m-16" word is lost:
privy m 16 suit saul fact kicks ooze
Probably the best way to fix this, is before un-hyphenating the passphrase, to check for hyphenated words in the selected wordlist, store any matches in a variable, and after removing all the hyphens, to restore the hyphenated word to its correct location.
I downloaded the code and opened index.html in Safari on OSX. Forms show up where I can select an option and press the "Generate" button, but clicking that button does nothing. I have javascript enabled. I'm suspecting that Safari by default blocks file:// javascript or something like that. If this is a common problem with Safari and this web page, it would be nice if the README file mentioned it and how to fix it.
Now with "Verb, Adjective, Noun" as a valid passphrase generator, it's possible that the passphrase extends 5 lines at 128 bits, and is common to be 3 lines at 80 bits. However, a "Base94" password will only ever occupy a single line. The UX isn't great here. Instead, adjust it such that the password is vertically aligned in the <div>
.
It would be useful to have an English list that balances these three goals:
I'm not sure of the best way to accomplish this. I'm envisioning an Alternate list that isn't "English (all)", but is instead a subset of the wordlists that make up that list. Perhaps called "English (common)" or "English (broad)" or "English (most)" or something like that. Specialized lists (like Star Trek, Simpsons, etc.) would be excluded.
Initial source lists might be:
... but with all capitalized words lower-cased (which would eliminate having to remember that words 2 and 5 are capitalized, etc., but that's up for discussion) and then deduplicated. My hope is that this will produce a list in the 20K range or higher.
Any future general (not topic-specific) English wordlists could also be added.
Mirrored a local copy and clicked around to try this out. When clicking Dark Mode, getting a:
Uncaught DOMException: Failed to read the 'rules' property from 'CSSStyleSheet': Cannot access rules at :1:25 error on latest chrome.
Upon review this appears to be due to the accessing of the stylesheet interface (css.rules[0]) locally (which for whatever reason, they decided should be a violation of CORS even when the index.html is served via file://).
Being what the function is doing with Dark Mode, this would seemingly be easily fixed by including both dark and light mode in the stylesheet and just activating using a selector. Happy to do a PR if you'd like.
(For many apps this wouldn't really be an issue, but given the security concerns with PW generation, it's probably fairly common for people to download and attempt to run locally without standing up a server. At first glance, don't see any other issues that would would make this not run perfectly fine locally?)
Refs:
https://stackoverflow.com/questions/48753691/cannot-access-cssrules-from-local-css-file-in-chrome-64/49160760#49160760
https://stackoverflow.com/questions/49161159/uncaught-domexception-failed-to-read-the-rules-property-from-cssstylesheet
Instructions to run the password generator locally on an iOS device from the ZIP file downloaded directly from GitHub.
Prerequisites:
Workflow:
Open the Safari browser.
Open the demo site at https://ae7.st/g/.
Scroll to the bottom and click the download link (insert screenshot).
This will open the releases page from the GitHub repository.
Click the link that says 'Source code (zip)'.
This will open the zip file in the Documents app.
Click the zip file, to expand it into it's own folder.
Move into the folder and click the Index file. This will open the local copy of the file.
Latin Extended is now showing all characters correctly on Android.
Along with the bits of entropy, and the character count, It might be informative to include a compact expression of how many "elements" there were in the source list ("7777 elements").
This could help shape intuitions for the layperson.
(There may be another term that is better than "element". I led with that because some of the lists are words, some are pseudo words, some are characters, etc.)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.