Password Generator using uberhash for strong passwords
js
README
awesome_gen_pass.php
awesome_gen_tests.html
awesome_pass_gen-combined.min.js
awesome_pass_gen-old.js
awesome_pass_gen.js
bcrypt-optimized.js
bcrypt-optimized.min.js
bcrypt.js
bcrypt.min.js
bcrypt_test.js
bcrypt_test1.js
bcrypt_times
build.sh
domain_extractor.js
hashpass.html
index-dev.html
index.html
index.html.bak
license
math.js
misc.js
out2.js
passgen_bookmarklet-min.js
passgen_bookmarklet.js
salt_test.js
sbcrypt.js
sbcrypt1.js
sbcrypt_test.js
scratchpad.js
scrypt.js
scrypt1.js
scrypt_fast.js
scrypt_fast.min.js
scrypt_fast1.js
scrypt_test.html
scrypt_test.js
scrypt_test1.html
sha1-optimized-fast.js
sha1.js
sha256_fast.js
string.js
style.css
test-orig.html
test.html
test.js
test1.html
todo
uhash_test.html
uhash_test1.html
zxcvbn.js

README

This is a password generator like supergenpass, but one that uses much stronger hashing (one-way encryption). It is at version 2.0.0b and is considered generally safe to consume by the general public. The systems included should give users whose base password has a score of at least 3 a very unlikely chance of someone managing to guess their password.

HashPass
Copyright (c) 2011-2018 133794m3r
AGPLv3 or Later

Various files that are licensed differently are listed below.
The scrypt js library minified in scrypt1.js is licensed under the MIT from the original source. I have included their link in the source file itself. It is no longer async but is now synchronous; those looking for an async version should look at the source repo.
Scrypt Async JS
Copyright (c) 2013-2016 Dmitry Chestnykh | BSD License
https://github.com/dchest/scrypt-async-js

I have also included ZXCVBN for password strength estimation. Its license looks to be MIT-like.

ZXCVBN
Copyright (c) 2012-2016 Dan Wheeler and Dropbox, Inc.
https://github.com/dropbox/zxcvbn

Timing Estimation Reasoning Explained

The time shown is based upon a rough estimate of ~390 times as fast as the algorithm in native code (SSE2 for scrypt) on one core of my laptop[1]. I figure that is a high enough multiplier to be realistic: the memory required is over 40MiB in total, so GPUs should be inhibited, and at worst I figure it should be realistic. The time is based upon that many guesses per second and converted using zxcvbn's time-to-display function itself, as the built-in options don't work for me: the offline slow hash is likely based upon a much lower scrypt value than I am using. I have added legacy mode for those migrating from the old version, and will use it when/if I switch to something else (maybe argon2) in the future, once it has proven itself to be secure.

[1]
My laptop is an i7-2760QM with turbo up to 3.5GHz; during tests it would stay at ~3.2-3.3GHz on the core running the full scrypt. I did not do the simplification pass, nor did I check for repeat strings etc., just the extremely CPU-time-intensive parts: generating the salt and hashing the password. The other parts, excluding scoring, generally take ~1-2ms, which is barely worth the effort to reimplement to see how it'd work, as the majority of the time is spent generating the salt and hashing.
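
The timing model described above, as an added example that is not part of HashPass: it times one native scrypt call on a single core, applies the README's ~390x multiplier to get an attacker guess rate, and turns a guess count (such as zxcvbn's `guesses` field) into a display time. The scrypt parameters, the constructed guess count and the `displayTime` formatter (a simplified stand-in for zxcvbn's own) are assumptions.

```javascript
const crypto = require('crypto');

const ATTACKER_SPEEDUP = 390; // multiplier stated in the README

// Assumed scrypt cost (the README does not list its parameters): 128*N*r = 32 MiB.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Median wall-clock seconds for one native scrypt call on this machine.
function measureNativeSecondsPerHash(runs = 3) {
  const times = [];
  for (let i = 0; i < runs; i++) {
    const start = process.hrtime.bigint();
    crypto.scryptSync('constructed-password', 'constructed-salt', 32, SCRYPT);
    times.push(Number(process.hrtime.bigint() - start) / 1e9);
  }
  return times.sort((a, b) => a - b)[Math.floor(runs / 2)];
}

// Attacker rate: 390 times the measured single-core native rate.
function attackerGuessesPerSecond(secondsPerHash) {
  return ATTACKER_SPEEDUP / secondsPerHash;
}

// Same model zxcvbn uses for its crack times: guesses divided by guess rate.
function crackSeconds(guesses, secondsPerHash) {
  return guesses / attackerGuessesPerSecond(secondsPerHash);
}

// Hypothetical formatter: largest unit that fits, rounded.
function displayTime(seconds) {
  if (seconds < 1) return 'less than a second';
  if (seconds >= 3153600000) return 'centuries';
  const units = [['year', 31536000], ['day', 86400], ['hour', 3600],
                 ['minute', 60], ['second', 1]];
  for (const [name, size] of units) {
    if (seconds >= size) {
      const n = Math.round(seconds / size);
      return `${n} ${name}${n === 1 ? '' : 's'}`;
    }
  }
}

// Demo with a constructed guess count of 1e10.
const perHash = measureNativeSecondsPerHash();
console.log(`native: ${perHash.toFixed(3)} s/hash, attacker: ` +
  `${attackerGuessesPerSecond(perHash).toFixed(0)} guesses/s, ` +
  `crack time: ${displayTime(crackSeconds(1e10, perHash))}`);
```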
