Password Generator

A short tutorial to show you how to create a JavaScript bookmarklet, which could be used to generate secure passwords.

Password security is not related to entropy

It is a common opinion that a secure password is an unreadable mangle of letters, numbers and symbolic characters. Some security checks will insist on or even enforce these rules, and the unfortunate reality is that they are sometimes misinformed.

Which of these two passwords is more secure?

a) a!Zn3$.0 or b) password !

This is obviously a trick question. B is the correct answer. But why is that? The length of the password is by far the most important indication of its strength.

Looking at them, a has eight characters and b has twenty-one.

| | Eight | Twenty one |
|---|---|---|
| Search Space (power of 10) | 6.70 x 10^15 | 1.57 x 10^37 |
| Online Attack: (centuries) | 2.13 thousand | 4.99 trillion trillion |
| Offline Fast Attack: | 18.62 hours | 49.85 thousand trillion centuries |
| Massive Cracking Array: | 1.12 minutes | 49.85 trillion centuries |

Try your own password with this haystack calculator from Gibson Research Corp. And look at this article on high powered GPU cracking.

The anatomy of our password generator:

We will start with a 16 character length; it will always be that length. 0123456789abcdefg We want a unique password that is relative to the domain we are on. When we visit Google or Gmail, the password will be unique to that domain. So we will use a portion of the domain, a simple trick so that if we did not have access to this generator we could at least manually calculate the same result.

For example, when we are visiting google.com the password might be 6elgoC4t$a1b2c3d

  1. a calculated checksum: the length of the domain, google = 6 characters
  2. a string derived from context: google reversed is elgoog, first 4 characters elgo
  3. a known/secret seed: C4t$, something meaningful to you (CATS > C4ts > C4t$)
  4. predictable padding to ensure the length: 1 + 4 + 4 = 9 (11 places for padding)
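
The search-space figures in the table and the four-part recipe above can be checked with a few lines of JavaScript. This is an added example, not code from the original page; the guess rates, the 21-character sample string and the function names are assumptions, with the rates chosen because they reproduce the table's figures.

```javascript
// Alphabet size per character class; the 33 symbols are every printable
// ASCII symbol, space included.
const CLASSES = [[/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^a-zA-Z0-9]/, 33]];

// Alphabet = sum of the sizes of the classes that occur in the password.
function alphabetSize(password) {
  return CLASSES.reduce((n, [re, size]) => n + (re.test(password) ? size : 0), 0);
}

// Search space = number of strings of length 1..len over that alphabet.
function searchSpace(alphabet, len) {
  let total = 0;
  for (let k = 1, term = alphabet; k <= len; k++, term *= alphabet) total += term;
  return total;
}

const haystack = (password) => searchSpace(alphabetSize(password), password.length);

// Guesses per second (assumed values; they reproduce the table's rows).
const RATES = { online: 1e3, offlineFast: 1e11, crackingArray: 1e14 };
const secondsToExhaust = (space, rate) => space / rate;

// The model treats all 16 generated characters as unknown. In the recipe the
// length digit, the reversed domain and the padding follow from the domain
// name, so the seed is the only part that has to be guessed.
function generatedStrength(password, seed) {
  return { nominal: haystack(password), seedOnly: haystack(seed) };
}

// Password a) and the generated example are from the page; the 21-character
// string is constructed for this example (lowercase letters plus symbols).
const samples = {
  eight: "a!Zn3$.0",
  twentyOne: "correct!horse!battery",
  generated: "6elgoC4t$a1b2c3d",
};

function report() {
  const g = generatedStrength(samples.generated, "C4t$");
  const eightSpace = haystack(samples.eight);
  return {
    eight: eightSpace.toExponential(2),
    twentyOne: haystack(samples.twentyOne).toExponential(2),
    eightOfflineHours: (secondsToExhaust(eightSpace, RATES.offlineFast) / 3600).toFixed(2),
    generatedNominal: g.nominal.toExponential(2),
    generatedSeedOnly: g.seedOnly,
  };
}

console.log(report());
```

With the seed as the only unknown, the 16-character result is only as strong as a 4-character password, so the length of the seed matters more than the total length.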

How to make a bookmarklet

  1. Show the bookmark bar
  2. Then right click and select "Add Page"
  3. Give the bookmark a name, and then
  4. in the URL field paste this: javascript:(function () { console.log(123); })();
  5. Finish by clicking SAVE and the shortcut will appear on the bookmark bar.
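
Start with a wrapper function:

```javascript
(function (w, base = "D0g!", bypass = 1) {
  // this is where the code will go ...
})(window);
```

and then, inside that wrapper:

```javascript
// With bypass set, skip the dialog and use the suggested value as-is.
const prompt = (msg, val = null) => {
  return bypass ? val : w.prompt(msg, val);
};

const alphaNumeric = [...Array(26)]
  .map((val, n) => (n + 1).toString(36) + (n + 10).toString(36))
  .join("");

// Return the main label of a host name, e.g. "google" for google.com
// or google.co.uk.
const getDomainParts = (host) => {
  const array = host.split(".");
  const length = array.length;
  const name = array.slice(-2, -1);
  // Anchored so that only a label that is exactly co/org/edu counts as a
  // second-level suffix; unanchored, "cisco.com" matched on "co" and the
  // index went negative.
  const index = /^(co|org|edu)$/i.test(name) ? length - 3 : length - 2;
  // Single-label hosts such as localhost fall back to the first label.
  return array[Math.max(index, 0)];
};

const getPassword = (sufix = base, length = 13, host = "google.com") => {
  const n = 0;
  const radix = 36;
  const max = Math.max(Math.min(radix, Number(length)), radix / 2);
  // Predictable padding: a1b2c3d4...
  const serial = [...Array(max)]
    .map((i, x) => (x + 10).toString(radix) + (x + 1))
    .join("");
  const parts = getDomainParts(host || w.location.host);
  const reverse = parts.split("").reverse().join("");
  // Length digit + first 4 reversed characters + seed + padding.
  const password = [
    parts.length.toString(36),
    `${reverse}0000`.slice(0, 4),
    sufix,
    serial,
  ]
    .join("")
    .slice(0, length);
  const string = prompt(`Password: ${sufix} ${length} ${parts}`, password);
  return string ? clipboard(string) : null;
};

// Copy the text to the clipboard through a one-off "copy" event listener.
function clipboard(innerHTML) {
  function listener(e) {
    e.clipboardData.setData("text/html", innerHTML);
    e.clipboardData.setData("text/plain", innerHTML);
    e.preventDefault();
    // Note: this writes the generated password to the page's console.
    console.log("Copy to clip", new Date(), innerHTML);
  }
  document.addEventListener("copy", listener);
  document.execCommand("copy");
  document.removeEventListener("copy", listener);
}

// Build the [seed, length, host] argument list for getPassword.
const getAttributes = (s) => {
  const host = s || location.host;
  return `${base} 16 ${host}`.split(" ");
};
getPassword.apply(this, getAttributes());
// Note: this puts getPassword on the page's window object, where the page's
// own scripts can call it too.
w.getPassword = getPassword;
```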