#passphrase #password #entropy #cli

bin+lib entropy_test

CLI tool and API to generate passphrases

1 unstable release

Uses old Rust 2015

0.0.1 Dec 17, 2018

#35 in #passphrase

MIT/Apache

16KB
174 lines

entropy

  • a single file passphrase generator
  • also (maybe) soon a Rust CLI application and library

Passwords are dead, but we still use them. With that in mind, this project aims to make the process of creating, remembering, and using passwords better. Security at the cost of usability comes at the cost of security.

https://www.xkcd.com/936/

Live Demos:

Note!

While this application generates passphrases that are better than short, reused passwords, you can significantly increase the entropy (strength) of your passphrases by including a rare yet memorable word that is not already in the preloaded words dictionary. Feel free to use the generated passphrases as a starting point, but then alter them to your preferences. Remember! Security at the cost of usability comes at the cost of security :)
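To put numbers on "entropy (strength)", the sketch below is an added example, not this crate's code: it computes the bits contributed by uniformly chosen words and picks words without modulo bias. The 8-word list is constructed, 7776 is the size of the EFF long word list, and reading `/dev/urandom` assumes a Unix-like system.

```rust
use std::fs::File;
use std::io::{self, Read};

/// Bits of entropy when `words` words are drawn uniformly and independently
/// from a list of `list_len` distinct words: words * log2(list_len).
fn passphrase_bits(list_len: usize, words: u32) -> f64 {
    f64::from(words) * (list_len as f64).log2()
}

/// Smallest number of words that reaches `target_bits`.
fn words_needed(list_len: usize, target_bits: f64) -> u32 {
    (target_bits / (list_len as f64).log2()).ceil() as u32
}

/// Uniform index in 0..n. Raw values at or above the largest multiple of n
/// are rejected, so `% n` introduces no modulo bias.
fn uniform_index<R: Read>(rng: &mut R, n: u32) -> io::Result<u32> {
    assert!(n > 0, "word list must not be empty");
    let zone = u32::MAX - (u32::MAX % n);
    loop {
        let mut buf = [0u8; 4];
        rng.read_exact(&mut buf)?;
        let v = u32::from_le_bytes(buf);
        if v < zone {
            return Ok(v % n);
        }
    }
}

/// Joins `words` uniformly chosen entries of `list` with '-'.
fn generate<R: Read>(rng: &mut R, list: &[&str], words: usize) -> io::Result<String> {
    let mut picked = Vec::with_capacity(words);
    for _ in 0..words {
        picked.push(list[uniform_index(rng, list.len() as u32)? as usize]);
    }
    Ok(picked.join("-"))
}

fn main() -> io::Result<()> {
    // Constructed 8-word list, far too small for real use (3 bits per word).
    let list = ["correct", "horse", "battery", "staple", "quartz", "ember", "walnut", "fjord"];
    let mut rng = File::open("/dev/urandom")?; // assumption: Unix-like OS
    println!("{}", generate(&mut rng, &list, 4)?);
    println!("this list, 4 words: {:.1} bits", passphrase_bits(list.len(), 4));
    println!("7776-word list, 4 words: {:.1} bits", passphrase_bits(7776, 4));
    println!("words for 80 bits from 7776: {}", words_needed(7776, 80.0));
    Ok(())
}
```

The formula covers only the randomly generated words; a word you add by hand is not drawn uniformly, so its contribution cannot be computed this way.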

TODO

Rust Version

  • make available via an external API, like on crates.io
  • also configure the main.rs file so that people can run it locally as a CLI application
  • WASM => compiled content addressable web app hosted/verified on IPFS?

Resources / Education

HTML/JS Version

UI/UX:

  • make everything scale to viewport size
  • rounder, more friendly buttons
  • host a single HTML file on IPFS and reference it through a web page using TLS and content addressing

Password Generator:

  • mix in additional sources of entropy
  • larger dictionary with weirder words

Other Cool Stuff I Probably Won't Get To

Password Checker: beyond naive entropy

  • block any previously pwned passwords via Troy Hunt's API
  • actually test dictionary/hashcat attacks against a bank of generated passwords
  • test PassGAN attacks

Crate Building Notes

Other Passphrase Generators (Dec 2018)

The CHBS Crate: https://crates.io/crates/chbs

  • it builds on the XKCD cartoon and has a cool name! :)
  • it works! :)
  • links to EFF to download the word lists (although they are downloaded to the GitHub repo). The word lists are not directly hard coded into the crate (and thus unchangeable if you want to use a certain version). If the EFF website were compromised, so would be any passphrases generated by CHBS. https://gitlab.com/timvisee/chbs/blob/master/src/word.rs :/
  • The CHBS documentation is unintuitive and does not explain the "advanced features" it claims that the crate provides :/
  • it's kind of slow :/

The PGEN Crate: https://crates.io/crates/pgen

  • the ability to load in diceware is awesome! :)
  • the docs and CLI configuration options are great :)
  • it's easy to install, fast, and works :)
  • it's only a CLI application and not accessible as an API to roll into other applications :/
  • does not allow for padding via numbers, letters, or special characters :/

Note

  • shoutout to PGEN and CHBS for inspiration
  • if you find this crate to be lacking, check theirs! Crates are constantly evolving and I might be busy/lazy/dead and not maintaining this one :)

Dependencies

~570–800KB
~11K SLoC