atoponce / webpassgen Goto Github PK

Simple web-based password generator

Home Page: https://atoponce.github.io/webpassgen/

License: GNU Affero General Public License v3.0

HTML 22.22% JavaScript 74.87% CSS 2.91%

password generator diceware diceware-passphrases diceware-passphrase-generator diceware-password password-generator entropy passphrase passphrase-generator

webpassgen's Introduction

Web-based Password Generator

This is a simple web-based password generator which uses 6-different styles of passwords that can fit personal preferences, or restrictions from websites that require the password in a certain format.

Everything is calculated in JavaScript locally, and the passwords are not sent to the server for logging. You should be able to download this code, and run it offline, if you're truly paranoid.

The project takes advantage of localStorage to save state across browser sessions. This is needed to keep track of which security level you prefer when generating and passwords, and if using the mouse entropy generator, saving the debiased true random data. localStorage is not a cookie and is never communicated with a web server.

Desktop Screenshots

Mobile-Friendly Screenshots

Supported Languages

Here is the full breakdown of language support across the passphrase generators:

ID	ISO	Language	Unique	Alt.	Bit.	Mon.	Dice	EFF	Notes
1	--	Elvish	7,776	✔️
2	--	Klingon	2,604	✔️
3	AF	Afrikaans	6,567	✔️
4	BE	Belrusian	5,676	✔️
5	BG	Bulgarian	7,776				✔️		List by Assen Vassilev
6	CA	Catalan	7,776				✔️
7	CN	Chinese	var.		✔️	✔️	✔️
8	CZ	Czech	var.		✔️		✔️
9	DA	Danish	7,776				✔️
10	DE	German	1,626			✔️	✔️
11	EL	Greek	7,776				✔️
12	EN	English	var.	✔️	✔️	✔️	✔️	✔️
13	EO	Esperanto	var.			✔️	✔️
14	ES	Spanish	var.		✔️	✔️	✔️
15	ET	Estonian	7,776				✔️
16	EU	Basque	7,776				✔️
17	FI	Finnish	7,776				✔️
18	FR	French	var.		✔️	✔️	✔️
19	HR	Croatian	9,204	✔️
20	HU	Hungarian	7,776				✔️
21	IT	Italian	var.		✔️	✔️	✔️
22	IW	Hebrew	7,776				✔️
23	JBO	Lojban	1,626			✔️
24	JP	Japanese	var.		✔️	✔️	✔️
25	KO	Korean	2,048		✔️
26	LA	Latin	7,776				✔️
27	MI	Maori	7,776				✔️
28	MN	Mongolian	4,124	✔️
29	NL	Dutch	var.			✔️	✔️		Alternate composite
30	NO	Norwegian	7,776				✔️
31	PL	Polish	7,776				✔️
32	PT	Portuguese	var.		✔️	✔️	✔️
33	RO	Romanian	7,776				✔️
34	RU	Russian	var.			✔️	✔️
35	SK	Slovak	7,776				✔️
36	SL	Slovenian	7,776				✔️
37	SR	Serbian	8,670	✔️
38	SV	Swedish	7,776				✔️		7,775 unique at first. Added "2a".
39	TR	Turkish	7,776				✔️		7,775 unique at first. Added "2a".
40	UK	Ukranian	7,000	✔️

Here is the Chinese breakdown:

ID	Name	Wordlist	Unique	Notes
7a	Chinese (Simp.)	Bitcoin	2,048
7b	Chinese (Trad.)	Bitcoin	2,048
7c	Chinese	Diceware	8,192	Pinyin 8k word list
7d	Chinese	Monero	1,626

Here is the Czech breakdown:

ID	Name	Wordlist	Unique
8a	Czech	Bitcoin	2,048
8b	Czech	Diceware	7,776
8c	Czech	Monero	1,626

Here is the English breakdown:

ID	Name	Wordlist	Unique	Notes
12a	Colors	Alternate	1,029	More available in the project
12b	Deseret	Alternate	7,776	Alternate English alphabet
12c	DIBELS	Pseudowords	3,215
12d	Distant	EFF	1,296
12e	English	Bitcoin	2,048
12f	English	Diceware	8,192	8k word list
12g	English	Monero	1,626
12h	English (Beale)	Diceware	7,776
12i	English (NLP)	Diceware	9,072	1,296 adjectives, 7,776 nouns
12j	Game of Thrones	EFF	4,000	Unofficial
12k	Harry Potter	EFF	4,000	Unofficial
12l	Long	EFF	1,296
12m	Lord of the Rings	Alternate	8,192	Eyeware list
12n	Obscure	Alternate	19,687	Compiled from phrontistry.info
12o	PGP	Alternate	512
12p	Pokerware	Alternate	5,304	Formal list
12q	RockYou	Alternate	7,776	Primarily English. RockYou breach
12r	S/KEY	Alternate	2,048	RFC 2289
12s	Shavian	Alternate	7,776	Alternate English alphabet
12t	Short	EFF	1,296
12u	Simpsons	Alternate	5,000	From Peerio
12v	Star Trek	EFF	4,000	Unofficial
12w	Star Wars	EFF	4,000	Unofficial
12x	Trump	Alternate	8,192	From his Twitter account
12y	Verb, Adjective, Noun	Alternate	1,207	432 verbs, 373 adjectives, 402 nouns
12z	Wordle	Alternate	5,790	See comment in word list

Here is the Spanish breakdown:

ID	Name	Wordlist	Unique	Notes
14a	Spanish	Bitcoin	2,048
14b	Spanish	Diceware	7,776	7,773 unique at first. Added ", "", and """
14c	Spanish	Monero	1,626

Here is the French breakdown:

ID	Name	Wordlist	Unique
18a	French	Bitcoin	2,048
18b	French	Diceware	7,776
18c	French	Monero	1,626

Here is the Italian breakdown:

ID	Name	Wordlist	Unique
21a	Italian	Bitcoin	2,048
21b	Italian	Diceware	7,776
21c	Italian	Monero	1,626

Here is the Japanese breakdown:

ID	Name	Wordlist	Unique
24a	Japanese	Bitcoin	2,048
24b	Japanese	Diceware	7,776
24c	Japanese	Monero	1,626

Here is the Portuguese breakdown:

ID	Name	Wordlist	Unique
32a	Portuguese	Bitcoin	2,048
32b	Portuguese	Diceware	7,776
32c	Portuguese	Monero	1,626

Here is the Russian breakdown:

ID	Name	Wordlist	Unique	Notes
34a	Russian	Diceware	7,776
34b	Russian	Monero	1,626

webpassgen's People

Contributors

Stargazers

Watchers

webpassgen's Issues

feature: element count

Along with the bits of entropy, and the character count, It might be informative to include a compact expression of how many "elements" there were in the source list ("7777 elements").

This could help shape intuitions for the layperson.

(There may be another term that is better than "element". I led with that because some of the lists are words, some are pseudo words, some are characters, etc.)

README images

Download doesn't work on Safari

I downloaded the code and opened index.html in Safari on OSX. Forms show up where I can select an option and press the "Generate" button, but clicking that button does nothing. I have javascript enabled. I'm suspecting that Safari by default blocks file:// javascript or something like that. If this is a common problem with Safari and this web page, it would be nice if the README file mentioned it and how to fix it.

Fix bug counting whitespace passwords

There are 22 characters of different byte sizes:

" ": U+0020 (1 byte)
"᠎": U+180E (3 bytes)
" ": U+2000 (3 bytes)
" ": U+2001 (3 bytes)
" ": U+2002 (3 bytes)
" ": U+2003 (3 bytes)
" ": U+2004 (3 bytes)
" ": U+2005 (3 bytes)
" ": U+2006 (3 bytes)
" ": U+2007 (3 bytes)
" ": U+2008 (3 bytes)
" ": U+2009 (3 bytes)
" ": U+200A (3 bytes)
"": U+200B (3 bytes)
"‌": U+200C (3 bytes)
"‍": U+200D (3 bytes)
" ": U+202F (3 bytes)
"⁠": U+2060 (3 bytes)
"　": U+3000 (3 bytes)
"": U+FEFF (3 bytes)
"󠀠": U+E0020 (4 bytes)

At 22 unique whitespace characters, that's log2(22) ~= 4.459 bits per character. That means we should expect these character counts for the following minimum security levels:

56 bits: 13 characters
64 bits: 15 characters
72 bits: 17 characters
80 bits: 18 characters
88 bits: 20 characters
96 bits: 22 characters
104 bits: 24 characters
112 bits: 26 characters
120 bits: 27 characters
128 bits: 29 characters

Adjust password vertically

Now with "Verb, Adjective, Noun" as a valid passphrase generator, it's possible that the passphrase extends 5 lines at 128 bits, and is common to be 3 lines at 80 bits. However, a "Base94" password will only ever occupy a single line. The UX isn't great here. Instead, adjust it such that the password is vertically aligned in the <div>.

Instructions to run locally on iOS devices

Instructions to run the password generator locally on an iOS device from the ZIP file downloaded directly from GitHub.

Prerequisites:

Install the Readdle Documents app on your iOS device

Workflow:

Open the Safari browser.
Open the demo site at https://ae7.st/g/.
Scroll to the bottom and click the download link (insert screenshot).

This will open the releases page from the GitHub repository.
Click the link that says 'Source code (zip)'.

This will open the zip file in the Documents app.
Click the zip file, to expand it into it's own folder.

Move into the folder and click the Index file. This will open the local copy of the file.

Ship font with large Unicode support

Latin Extended is now showing all characters correctly on Android.

Spell check the Bulgarian word list

The original Bulgarian word list, after using OCR, diff, and other tools that is currently checked into Github is here: https://ae7.st/p/5ah

To make this a bit more manageable, here it is split into 12 files:

Add additional Dutch word lists

I have read your blog post with great interest and have tried the tool.

You might be interested in this blog post

https://el-tramo.be/blog/diceware-nl/

that is describing additional (better?) lists for the Dutch language.

I suspect you will at least take a look and hopefully include this in your valuable tool.

Entropy toolbar text problems

In my Chromium browser on one desktop, I see the following:

Stylesheet can't be loaded when accessed locally (file://) (CORS)

Mirrored a local copy and clicked around to try this out. When clicking Dark Mode, getting a:
Uncaught DOMException: Failed to read the 'rules' property from 'CSSStyleSheet': Cannot access rules at :1:25 error on latest chrome.

Upon review this appears to be due to the accessing of the stylesheet interface (css.rules[0]) locally (which for whatever reason, they decided should be a violation of CORS even when the index.html is served via file://).

Being what the function is doing with Dark Mode, this would seemingly be easily fixed by including both dark and light mode in the stylesheet and just activating using a selector. Happy to do a PR if you'd like.

(For many apps this wouldn't really be an issue, but given the security concerns with PW generation, it's probably fairly common for people to download and attempt to run locally without standing up a server. At first glance, don't see any other issues that would would make this not run perfectly fine locally?)

Refs:
https://stackoverflow.com/questions/48753691/cannot-access-cssrules-from-local-css-file-in-chrome-64/49160760#49160760
https://stackoverflow.com/questions/49161159/uncaught-domexception-failed-to-read-the-rules-property-from-cssstylesheet

Pre-hyphenated words lose their hyphen

Consider the following passphrase created from the Beale wordlist in the Diceware container:

privy m-16 suit saul fact kicks ooze

When checking the "Hyphenate" box, the passphrase then becomes:

privy-m-16-suit-saul-fact-kicks-ooze

If un-checking the "Hyphenate" box, the hyphen in the "m-16" word is lost:

privy m 16 suit saul fact kicks ooze

Probably the best way to fix this, is before un-hyphenating the passphrase, to check for hyphenated words in the selected wordlist, store any matches in a variable, and after removing all the hyphens, to restore the hyphenated word to its correct location.

feature: extended general English list

It would be useful to have an English list that balances these three goals:

minimizes memorization effort
maximizes the chances that the word will be familiar to most speakers
keeps entropy at an acceptable level

I'm not sure of the best way to accomplish this. I'm envisioning an Alternate list that isn't "English (all)", but is instead a subset of the wordlists that make up that list. Perhaps called "English (common)" or "English (broad)" or "English (most)" or something like that. Specialized lists (like Star Trek, Simpsons, etc.) would be excluded.

Initial source lists might be:

All EFF English lists
Bitcoin English
English (NLP)
PGP
Pokerware
Wordle

... but with all capitalized words lower-cased (which would eliminate having to remember that words 2 and 5 are capitalized, etc., but that's up for discussion) and then deduplicated. My hope is that this will produce a list in the 20K range or higher.

Any future general (not topic-specific) English wordlists could also be added.