-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.txt
134 lines (103 loc) · 5.51 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
Enlarge Your Password!
http://enlargeyourpassword.com
AUTHOR
Eric Bréchemier <github@eric.brechemier.name>
DESCRIPTION
Tired of reusing that same old password all over the web?
Spice it up and get a real strong password!
Coming in seven sizes from XXS to our favorite XXL.
LICENSE
CC-BY Eric Bréchemier
Creative Commons Attribution 4.0 International
http://creativecommons.org/licenses/by/4.0/
Includes Indubitably NF by Nick Curtis, courtesy of Nick's Fonts.
Web fonts distributed by Font Squirrel:
http://www.fontsquirrel.com/fonts/Indubitably
Includes scope-level1-global.js from scope-or-not project
Distributed under the MIT License
https://github.com/eric-brechemier/scopeornot
Developed by Eric Bréchemier
Includes md5.js, sha1.js, sha256.js and sha512.js from jshash
Distributed under the BSD License
http://pajhome.org.uk/crypt/md5/scripts.html
* md5.js
Version 2.2 Copyright (C) Paul Johnston 1999 - 2009
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* sha1.js
Version 2.2 Copyright Paul Johnston 2000 - 2009.
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* sha256.js
Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* sha512.js
Version 2.2 Copyright Anonymous Contributor, Paul Johnston 2000 - 2009.
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
Includes ascii85.js from DojoX Encoding
Distributed under the BSD License part of the Dojo ToolKit SDK
http://dojotoolkit.org/reference-guide/dojox/encoding.html
http://trac.dojotoolkit.org/browser/dojox/trunk/LICENSE
* ascii85.js
Version 0.1.0, 2007-07-30, Copyright (C) the Dojo Foundation
Authors: Eugene Lazutkin, Tom Trenka
Includes crc.js from HTML source of JavaScript CRC
http://www.digsys.se/JavaScript/CRC.aspx
Developed by Anders Danielsson
XHTML / JavaScript source code September 19, 2010
Copyright (c) 2003-2012 Scandinavian Digital Systems AB
Internet: http://www.digsys.se
Freeware: The source code and its methods and algorithms may be
used as desired without restrictions.
LANGUAGES
HTML, CSS, JavaScript
DESIGN AND ALGORITHM FOR PASSWORD GENERATION
This is a very simple web app, designed for everyday use. The goal is to
generate a strong password to access a web site by filling in a form with
simple yet unique information. All inputs are optional and the password is
generated on the fly, which lets the user choose the level of details to get
more or less security. The same password is generated consistently for the
same inputs.
The input values are taken as is (including case and punctuation) and
concatenated in sequential order of the fields as they appear in the form.
The concatenated values are separated with ';'. There is no separator before
the first or after the last value, only between values. An empty value in the
middle of the chain is still included and results in the sequence ';;'.
Different versions of the SHA algorithm are applied to the string resulting
from the concatenation to generate passwords of different lengths:
* SHA-1 generates passwords of 40 characters (size L)
* SHA-256 generates passwords of 56 characters (size XL)
* SHA-512 generates passwords of 128 characters (size XXL)
The family of SHA algorithms was chosen because:
* it is a published standard
(I do not believe in security through obscurity)
* open-source JavaScript implementations are available
(e.g. jshash, Stanford JavaScript Crypto Library)
* it comes in several sizes
(web sites may reject passwords over a certain length)
* generated strings contain only alphanumerical characters
(web sites may reject special characters, symbols and punctuation)
I later added MD5 to generate passwords of 32 characters (size M), when
faced to a sign up page that refused any password longer than 32 characters.
Similarly, I added ASCII85 encoding of MD5 to get passwords of 20 characters
(size S) to comply with a sign up page that required to choose a password
between 5 and 20 characters.
Finally, I added the size XS to get even shorter passwords for sign up
pages of two services: the first one limited to 8 to 12 characters with
some punctuation allowed, the second to 10 characters without punctuation.
For the size XS, I concatenated the hex values of CRC32 and CRC8.
I also used CRC32 for the size XXS, to get 6-digit passwords for log in
widgets used by banks: CRC32 is computed as a signed integer and then
truncated to the last 6 decimal digits.
HISTORY
2011-03-26, First release of http://enlargeyourpassword.com (no CSS style)
2011-04-02, Empty all fields on page load/unload and after 2'30 in background
2011-04-04, Fixed wording, empty generated passwords as well on reset
2012-01-23, Added CSS Styles: pink colors, custom font for title
2012-05-07, Completed support for size S using ASCII85 encoding of MD5
2012-07-21, Added support for sizes XS and XXS using CRC32 and CRC8
2012-08-04, Use scope() from scope-or-not project to declare modules
2012-12-15, Added styles for width of inputs
2014-05-22, Inherit font styles in inputs
2015-03-30, Reload page to clear inputs 'undo' cache after 2'30 in background
2024-03-29, Ignore space characters found at start and end of each input
XXXX-XX-XX, Use Passwordia font to conceal inputs and passwords by default
XXXX-XX-XX, Add color hash as visual indicator in stealth mode