forked from HermanMartinus/horus-webapp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
words.html
54 lines (49 loc) · 2.18 KB
/
words.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<head>
<link rel="stylesheet" href="https://unpkg.com/[email protected]/dist/bamboo.min.css">
</head>
<body>
<h1>Cool password manager</h1>
<fieldset>
<legend>Generator</legend>
<p>
<input type="password" id="seed" placeholder="Master password..." onchange="CreatePassword()" />
</p>
<p>
<input type="text" id="service" placeholder="Service..." onchange="CreatePassword()"/>
</p>
<p>
<textarea readonly id="passphrase" placeholder="Generated passphrase..." class="obscured" onclick="TogglePassphrase()"></textarea>
</p>
<p>
<button onclick="CopyToClipboard()">Copy to clipboard</button>
</p>
</fieldset>
<h2>How it works</h2>
<p>Passwords suck. Passphrases are much better for many reasons niftily explained by <a href="https://xkcd.com/936/" target="_blank">this XKCD comic</a>.
If you're not convinced, here's <a href="https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength" target="_blank">a more in-depth explanation</a>.
</p>
<p>
Cool password manager doesn't store passwords, it generates them on the fly by doing a one-way hash of your super secret master password, combined with the name of the service you're trying to access, then generating a 4 word passphrase from the result. You can then set your service's password to the generated passphrase, and whenever the need to login comes, you can regenerate your password.
</p>
<p>
Here's how the algorithm works:
</p>
<pre>
<code>
combo = master_password + service_name
// combo -> 'this is my master password facebook'
digit_array = hash(combo).split
// digit_array -> '["1264", "0031", "2010", "0795"]'
generated_passphrase = wordlist[digit_array[0]]
+ wordlist[digit_array[1]]
+ wordlist[digit_array[2]]
+ wordlist[digit_array[3]]
// generated_passphrase -> 'churn about crucial indicate'
</code>
</pre>
<p>
In this way, no passwords are ever stored, and the only password you need to remember is your master passphrase, as it is the seed to generating all of your passwords.
</p>
<p>For those interested, the wordlist is has 2048 words, resulting in a password with 44 bits of entropy.</p>
<script src="words-script.js"></script>
</body>