All geek questions in one place

Create secure javascript password

What is the fastest way to create a secure password in javascript?

I want it to contain at least 1 special character and 2 mixed cases. Must be at least 6 characters.

+4
source share
4 answers

Here are some useful String functions:

 String.prototype.pick = function(min, max) { var n, chars = ''; if (typeof max === 'undefined') { n = min; } else { n = min + Math.floor(Math.random() * (max - min + 1)); } for (var i = 0; i < n; i++) { chars += this.charAt(Math.floor(Math.random() * this.length)); } return chars; }; // Credit to @Christoph: http://stackoverflow.com/a/962890/464744 String.prototype.shuffle = function() { var array = this.split(''); var tmp, current, top = array.length; if (top) while (--top) { current = Math.floor(Math.random() * (top + 1)); tmp = array[current]; array[current] = array[top]; array[top] = tmp; } return array.join(''); };

Your password will look like this:

 var specials = ' !@ #$%^&*()_+{}:"<>?\|[];\',./`~'; var lowercase = 'abcdefghijklmnopqrstuvwxyz'; var uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; var numbers = '0123456789'; var all = specials + lowercase + uppercase + numbers; var password = ''; password += specials.pick(1); password += lowercase.pick(1); password += uppercase.pick(1); password += all.pick(3, 10); password = password.shuffle();

Demo: http://jsfiddle.net/Blender/ERCsD/6/

+34
source

I just got the mail now. It is bad to use Math.random () if you can spend several minutes viewing this article .

Actually there is a crypto API in new browsers, and you should use it as soon as you start to deal with cryptography.

That's why I recommend using my library, which uses the famous crypto API. It works both on the server side and on the client side (nodejs and browsers).

mk-

+4
source

I modified @Blender's answer to make it more secure, as well as without changing String.prototype.

 // Copy-pasted from: // https://stackoverflow.com/questions/12635652/generate-a-secure-password-in-javascript // and modified for Auth0. // // Auth0 requirements: // https://auth0.com/docs/connections/database/password-strength // // "at least 10 characters including at least 3 of the following 4 types of characters: // a lower-case letter, an upper-case letter, a number, a special character (such as !@ #$%^&*). // Not more than 2 identical characters in a row (such as 111 is not allowed)". const specials = ' !@ #$%^&*()_+{}:"<>?\|[];\',./'~'; const lowercase = 'abcdefghijklmnopqrstuvwxyz'; const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; const numbers = '0123456789'; const all = specials + lowercase + uppercase + numbers; export default function generatePassword() { let password = ''; password += pick(password, specials, 1, 3); password += pick(password, lowercase, 1, 3); password += pick(password, uppercase, 1, 3); password += pick(password, all, 10); return shuffle(password); } function pick(exclusions, string, min, max) { var n, chars = ''; if (max === undefined) { n = min; } else { n = min + Math.floor(Math.random() * (max - min + 1)); } var i = 0; while (i < n) { const character = string.charAt(Math.floor(Math.random() * string.length)); if (exclusions.indexOf(character) < 0 && chars.indexOf(character) < 0) { chars += character; i++; } } return chars; } // Credit to @Christoph: http://stackoverflow.com/a/962890/464744 function shuffle(string) { var array = string.split(''); var tmp, current, top = array.length; if (top) while (--top) { current = Math.floor(Math.random() * (top + 1)); tmp = array[current]; array[current] = array[top]; array[top] = tmp; } return array.join(''); }
+1
source

This is not a safe way. It would be possible to simulate password generation if it depends only on a mathematical function (seed). It would be safer if you tried to associate the generation with a custom event, such as tracking the location of the mouse (using different starting numbers based on user actions, for example).

0
source

Source: https://habr.com/ru/post/1436757/

More articles:


All Articles