Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Password Generator using uberhash for strong passwords https://transcendental.us/hashpass
Fetching latest commit…
Cannot retrieve the latest commit at this time.
This is a password generator like supergenpass but that uses much stronger hashing(one-way encryption) and it version 2.0.0b and is considered generally safe to consume by the general public. As the systems included should give users who have their base password at least a score of 3 a very unlikely chance of someone manging to guess their password. HashPass Copyright (c) 2011-2018 133794m3r AGPLv3 or Later Various files that are licensed differently are listed below. The scrypt js library minified in scrypt1.js is licensed under the MIT from the original source. I have included their link in the source file itself. It is no longer async but is now synchronous those looking for an async version should look at the source repo. Scrypt Async JS Copyright (c) 2013-2016 Dmitry Chestnykh | BSD License https://github.com/dchest/scrypt-async-js I also have included ZXCVBN for password strength estimation. It is licensed as MIT-like it looks like. ZXCVBN Copyright (c) 2012-2016 Dan Wheeler and Dropbox, Inc. https://github.com/dropbox/zxcvbn Timing Estimation Reasoning Explained The time shown is based upon a rough estimate of ~390 times as fast as the algorithm in native code(SSE2 for scrypt) on one core of my laptop. I figure that that is a high enough multiplier to be realistic as the memory required is over 40MiB in total and thus GPUs should be inihibited and at worst I figure it should be realistic. It is based upon that many guesses per second and converted using zxcvbn's time to display function itself as the options built in don't work for me as the offline slow hash is likely based upon a much lower scrypt value than I am using. I have added legacy mode for those migrating from the old version and will use this when/if in the future I switch to something else(maybe argon2) sometime in the future once it's proven itself to be secure.  My laptop is an i7-2760QM with turbo up to 3.5Ghz during tests it'd stay ~3.2-3.3Ghz on the core running the full scrypt. I did not do the simplification pass, nor did I check for repeat strings etc. Just the extremely cputime intensive generatingthe salt, and also hashing the password. The other parts excluding scoring generally take ~1-2ms and that is barely worth the effort to reimplement to see how it'd work as the majority is in those parts.