Javascript Strong Unicode Password Generator

This tool is based on Jeff Atwood's Post "Password Rules Are Bullshit".

You can view a working demo at https://www.sethserver.com/unicode-random-password-generator.html

It currently uses six unicode blocks, but I don't see any reason why one can't use them all; this just makes the best looking passwords.

Installation

npm i javascript-strong-password-generator

Basic Usage

This is a quick out-of-the-box usage example. This is not how you'd use it in production if you want it to be secure, but it will give you a decent random unicode password.

const jsspg = require('javascript-strong-password-generator');

jsspg.init();
const newPassword = jsspg.generate();

console.log(newPassword);

Command-line Usage

JSSPG includes a simple command-line app that will generate a single random password seeded by your local environment.

$ js-spg
ƗÇŒk😪Ư2ëjOåęğ⚎Ŭ☦Ƙ🙅ēňxę😣☨😺Ú

Advanced Usage

To reduce predictability add entropy from dynamic sytem state inforation such as CPU usage, number of active processes, availalbe ram and disk io.

const jsspg = require('javascript-strong-password-generator');
const si = require('systeminformation');
const sha512 = require('js-sha512');

let entropyval;

function entropyAccumFunction() {
  return new Promise(async (resolve) => {
    const cpuSpeed = await si.cpu();
    const processes = await si.processes();
    const disksIO = await si.disksIO();
    const memory = await si.mem();

    entropyval = sha512(`${JSON.stringify(cpuSpeed)}:${JSON.stringify(processes)}:${JSON.stringify(disksIO)}:${JSON.stringify(memory)}`);

    resolve();
  });
}

function entropyFunction() {
  return entropyval;
}

async function run() {
  await entropyAccumFunction();

  jsspg.init({
    timeBasedEntropy: false,
    entropyFxn: entropyFunction,
  });

  process.stdout.write(`${jsspg.generate()}\n`);
}

run();

Building for Browsers

This will generate a ./build/jsspg.min.js file for use in a web browser.

$ npm run webpack

Basic Browser Usage

<script src="js/jsspg.min.js"></script>
<script>
(function () {
  jsspg.init();

  var newPassword = jsspg.generate()
  alert(newPassword);
})();
</script>

Core Concept

"Password Rules Are Bullshit".

API

jsspg.init(options)

Options [{ k: v }]

• entropyFxn [function fxn()]: Custom entropy function. Must return an Array or string of length fortuna.entropySz (128 by default)
• timeBasedEntropy [bool]: Detaches the reseeding of the algorithm from the call to random().
• accumulateTimeout [int]: The amount of time in milliseconds between each timeBasedEntropy call. Requires timeBasedEntropy to be true.

jsspg.generate(passwordLength)

Generates a random Unicode password of length passwordLength (length is Unicode characters, not bytes).