Back to Top

Monday, October 02, 2006

(Yet an other) Javascript random password generator

Here is YARPG (Yet Another Random Password Generator). Why on earth would I do yet an other random password generator? Because I can :). Seriously: there are at least two random password generators out there that I've used, and I have some problems with them:

  • The one that Steve Gibson created can not be customized (I don't always want ultra-long passwords)
  • The one at winguides.org does not by default use HTTPS (although you can convince it manually)
  • They both use a round-trip to the server and I must trust their server that it doesn't keep logs about IP-passwords association for example. What makes it even worse in the case of the winguides.org website is the fact that they transmit all the options as GET parameters which are logged by default by the webservers (as opposed to POST parameters which are by default not logged). This means that they must make an extra effort to disable logging (at least for this part of their site), which I'm not sure they did.

My javascript offers 100% client-side generation and you can view its source code to make sure that it does what it claims it does. There is no need for HTTPS / SSL because no connection is made / no data is transmitted to the server.

Be safe and remember: password length beats password complexity most of the time.

Update: the script has been update so that it is more unobtrusive. Also I've published the source code for those who don't want to search through a whole page in a copy paste ready format.

Update: you can now download the source as a zip file.

Update: Fixed the problem that not all generated passwords contained at least one character from each selected set. See the post announcing the update for details. Also, the new download location is my SVN repo: js_password_generator.html.

7 comments:

  1. Anonymous4:41 AM

    I really need help in figuring out he source code. I sort of cant find a way to post this on my blog. It simply doesn't want to pork on blogspot. Can someone, anyone help me post this on my blog. I would love instructions via e-mail.

    E-mail: [email protected]

    Website: http://requinix.blogspot.com/

    All help is appreciated.
    Thanks,
    Requinix

    ReplyDelete
  2. Anonymous5:44 AM

    This aint workin.
    sourcecode not workin on blogspot!!!
    need a solution
    thanx

    ReplyDelete
  3. Please give a more detailed description of the problem. One thing I can think of of the top of my head is that blogger complains when the script tag is present in the text, but you just have to check the "don't warn me again" checkbox and submit it again. Other than that, make sure that you omit the html, head and body tags from the source (as you are embedding it in a webpage, not writing a complete webpage). Finally, in the worst case, just view the source of this post and copy it verbatim from where it says "Begin Random JavaScript Password Generetor from..." to "End Random JavaScript Password Generetor...".

    Hope this helps

    ReplyDelete
  4. Anonymous8:50 AM

    Thanks, hope this helps!!

    Requinix

    ReplyDelete
  5. There's a bug in the script. Some times you want to include numbers, special characters but it doesn't always include numbers or special characters.

    Write a function where it must random in number array when selected and then use some random order function to display it in the result. Hope it helps.

    ReplyDelete
  6. If I understand correctly, you are referring to the fact that when you check multiple options, you might not get characters from every selected category. While this is infrequent, it can happen. I would recommend generating multiple passwords until I get some time to fix it.

    Thank you for bringing the problem to my attention.

    ReplyDelete
  7. With the slogan "better late than never", I've updated the password generation algorithm, such that now it is guaranteed that each generated password contains at least one character from each selected character set.

    ReplyDelete