Password Generator
A short tutorial to show you how to create a JavaScript bookmarklet, which could be used to generate secure passwords.
Password security is not related to entropy
It is a common opinion that a secure password is an unreadable mangle of letters, numbers and symbolic characters. Some security checks will insist on or even enforce these rules, and the unfortunate reality is that they are sometimes misinformed.
Which of these two passwords is more secure?
a) a!Zn3$.0
or b) password !
This is obviously a trick question. B is the correct answer. But why is that? The length of the password is by far the most important indication of its strength.
Looking at them, a has eight characters and b has twenty-one.
| | Eight | Twenty one |
|---|---|---|
| Search Space (power of 10) | 6.70 x 10^15 | 1.57 x 10^37 |
| Online Attack: (centuries) | 2.13 thousand | 4.99 trillion trillion |
| Offline Fast Attack: | 18.62 hours | 49.85 thousand trillion centuries |
| Massive Cracking Array: | 1.12 minutes | 49.85 trillion centuries |
Try your own password with this haystack calculator from Gibson Research Corp. And look at this article on high powered GPU cracking.
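The search-space figures in the table follow from counting every string up to the password's length over the alphabet it draws from. The sketch below is an added example, not code from the original page or from Gibson Research Corp.; the class sizes, the three guess rates and the 21-character stand-in for b are assumptions chosen to match the table.

```javascript
// Added example: reproduces the table's figures. Class sizes assume printable
// ASCII, with the space counted among the 33 symbols.
const CLASSES = [
  [/[a-z]/, 26],
  [/[A-Z]/, 26],
  [/[0-9]/, 10],
  [/[^a-zA-Z0-9]/, 33],
];

// Alphabet size: sum of the sizes of every class the password draws from.
const alphabetSize = (pw) =>
  CLASSES.reduce((sum, [re, size]) => sum + (re.test(pw) ? size : 0), 0);

// An exhaustive search also tries every shorter length first, so the space
// is a^1 + a^2 + ... + a^L. BigInt keeps the count exact.
const searchSpace = (pw) => {
  const a = BigInt(alphabetSize(pw));
  let total = 0n;
  for (let i = 1; i <= pw.length; i++) total += a ** BigInt(i);
  return total;
};

// Assumed guess rates (guesses per second), one per attack row of the table.
const RATES = { online: 1e3, offlineFast: 1e11, crackingArray: 1e14 };

// Worst-case time to try the whole space at a given rate.
const secondsToExhaust = (pw, rate) => Number(searchSpace(pw)) / rate;

const A = "a!Zn3$.0"; // password a from the page (8 characters)
const B = "password" + "!".repeat(13); // constructed 21-character stand-in for b
const SEED = "C4t$"; // the 4-character seed from the page's generator example

// Prints: length, alphabet size, search space, seconds at the offline rate.
for (const pw of [A, B, SEED]) {
  console.log(
    pw.length,
    alphabetSize(pw),
    Number(searchSpace(pw)).toExponential(2),
    secondsToExhaust(pw, RATES.offlineFast).toExponential(2) + " s offline"
  );
}
```

The last row covers only the seed: the length digit, reversed domain and padding can all be computed from the site name, so the seed is the only part of a generated password that someone who knows the construction has to guess.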
The anatomy of our password generator:
We will start with a 16 character length; it will always be that length. 0123456789abcdefg
We want a unique password that is relative to the domain we are on. When we visit Google or Gmail, the password will be unique to that domain. So we will use a portion of the domain, a simple trick, so that if we did not have access to this generator we could at least manually calculate the same result.
For example, when we are visiting google.com the password might be 6elgoC4t$a1b2c3d
- a calculated checksum: the length of the domain (google is 6 characters)
- a string derived from context: google reversed is elgoog, first 4 characters elgo
- a known/secret seed, C4t$: something meaningful to you (CATS > C4ts > C4t$)
- predictable padding to ensure length: 1 + 4 + 4 = 9 (11 places for padding)
How to make a bookmarklet
- Show bookmark bar
- Then, right click and select "Add Page"
- Give the bookmark a Name and then, in the URL field, paste this:

```javascript
javascript:(function () { console.log(123); })();
```

- Finish by clicking SAVE and the shortcut will appear on the bookmark bar.
```javascript
(function (w, base = "D0g!", bypass = 1) {
  // this is where the code will go ...
})(window);
```
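and then the body that goes inside that wrapper:

```javascript
// With bypass set, skip the dialog and return the suggested value unchanged.
const prompt = (msg, val = null) => {
  return bypass ? val : w.prompt(msg, val);
};

// "1a2b3c..." lookup string (not used by the functions below).
const alphaNumeric = [...Array(26)]
  .map((val, n) => (n + 1).toString(36) + (n + 10).toString(36))
  .join("");

// Pick the site name out of a host: "www.google.com" and "google.co.uk"
// both give "google".
const getDomainParts = (host) => {
  const array = host.split(".");
  const length = array.length;
  const name = array[length - 2] || "";
  // Anchored so that only a whole "co", "org" or "edu" label counts as a
  // second-level suffix; names that merely end in those letters do not.
  const index = /^(co|org|edu)$/i.test(name) ? length - 3 : length - 2;
  // Clamp for single-label hosts such as "localhost".
  return array[Math.max(index, 0)];
};

const getPassword = (sufix = base, length = 13, host = "google.com") => {
  const radix = 36;
  // Number of padding pairs to generate: between 18 and 36.
  const max = Math.max(Math.min(radix, Number(length)), radix / 2);
  // Predictable padding: "a1b2c3d4..."
  const serial = [...Array(max)]
    .map((i, x) => (x + 10).toString(radix) + (x + 1))
    .join("");
  const parts = getDomainParts(host || w.location.host);
  const reverse = parts.split("").reverse().join("");
  const password = [
    parts.length.toString(36), // checksum: length of the domain name
    `${reverse}0000`.slice(0, 4), // first 4 characters of the reversed name
    sufix, // the seed
    serial, // padding
  ]
    .join("")
    .slice(0, length); // trim to the requested length
  const string = prompt(`Password: ${sufix} ${length} ${parts}`, password);
  return string ? clipboard(string) : null;
};

// Copy the value to the clipboard through a one-off "copy" event listener.
function clipboard(innerHTML) {
  function listener(e) {
    e.clipboardData.setData("text/html", innerHTML);
    e.clipboardData.setData("text/plain", innerHTML);
    e.preventDefault();
    // Note: this line writes the generated password to the page's console.
    console.log("Copy to clip", new Date(), innerHTML);
  }
  document.addEventListener("copy", listener);
  document.execCommand("copy");
  document.removeEventListener("copy", listener);
}

// Build the [seed, length, host] argument list for getPassword.
const getAttributes = (s) => {
  const host = s || location.host;
  return `${base} 16 ${host}`.split(" ");
};

// Generate a password for the current page, then expose the generator on
// the page's window object so it can be called again.
getPassword.apply(this, getAttributes());
w.getPassword = getPassword;
```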