bcryptgenpass-lib

v0.1.1

Published

Generate passwords for SuperGenPass with bCrypt and special characters

Downloads

7

Readme

bcryptgenpass-lib


This is an alternative password generator for SuperGenPass. It can be used as a drop-in replacement with minor modifications to the parent project.

There are two questions when evaluating a password generator: how hard would it be to crack the generated password, and how hard would it be to determine the master password if you know one of the generated passwords? This fork is designed to make both of those tasks more difficult for an attacker.

First, we make it hard for an attacker to crack one of your passwords by generating a password drawn from a set of 85 characters rather than 64, and ensuring that all generated passwords contain some symbols.

Second, if one of your passwords does get cracked, the next problem is preventing the attacker from using the password for one site to determine your master password. In order to do that we use bcrypt to slow down any attempt to crack the master password, so that it will be virtually impossible to determine your master password.

NPM module

npm install bcryptgenpass-lib

Usage

var bcryptgenpass = require('bcryptgenpass-lib');

// A string containing the user's master password.
var masterPassword = 'master-password';

// A URI or hostname of the site being visited, stripped of protocol, subdomains and paths
var URI = 'example.com';

// Generate the password.
var generatedPassword = bcryptgenpass(masterPassword, URI, {/* options */});

Options

As shown above, bcryptgenpass-lib optionally accepts a hash map of options.

secret

  • Default ''
  • Expects String

A secret password to be appended to the master password before generating the password. This option is provided for convenience, as the same output can be produced by manually concatenating the master and secret passwords.

length

  • Default 12
  • Expects Number

Length of the generated password. Valid lengths are integers between 4 and 160 inclusive.

costFactor

  • Default 12
  • Expects Number

Work factor for the bCrypt algorithm. You'll want to experiment with this value to determine the maximum you can tolerate based on the length of time it takes the browser to calculate the password.

Browser environments

To use bcryptgenpass-lib in browser environments, run gulp browserify. Take the created dist/bcryptgenpass-lib.browser.js and include it on your page. Use the global bcryptgenpass as documented above.

Explanation of the algorithm

bcryptgenpass-lib employs the simple password hashing scheme of SuperGenPass. At its essence, it takes a master password and a hostname and concatenates them together:

masterpassword:example.com

It uses this as the input for the bcrypt hashing algorithm. The resulting bcrypt hash is itself run through SHA-512, and then finally encoded with Z85, a derivative of Ascii85.

For more detail, please see the (well-commented and concise) source code.
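The pipeline described above, as an added sketch that is not the library's source and will not reproduce its output: Node's built-in PBKDF2 stands in for bcrypt (which is not in the standard library), followed by SHA-512 and Z85 encoding. The function names, the use of the hostname as salt, encoding the raw digest bytes, and the 80-character cap are assumptions of this sketch.

```javascript
// Added sketch, not bcryptgenpass-lib's code. PBKDF2 replaces bcrypt here.
const crypto = require('crypto');

// Z85 alphabet as defined in ZeroMQ RFC 32 (85 printable characters).
const Z85 = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' +
            '.-:+=^!/*?&<>()[]{}@%$#';

// Encode a Buffer whose length is a multiple of 4: each big-endian 32-bit
// word becomes five base-85 digits, most significant digit first.
function z85Encode(buf) {
  if (buf.length % 4 !== 0) {
    throw new RangeError('input length must be a multiple of 4');
  }
  let out = '';
  for (let i = 0; i < buf.length; i += 4) {
    let word = buf.readUInt32BE(i);
    let chunk = '';
    for (let j = 0; j < 5; j++) {
      chunk = Z85[word % 85] + chunk;
      word = Math.floor(word / 85);
    }
    out += chunk;
  }
  return out;
}

// Hypothetical helper mirroring the documented options (secret, length,
// costFactor). Lengths are capped at 80 because a 64-byte digest yields
// 80 Z85 characters in this sketch.
function sketchGenerate(master, host, opts = {}) {
  const { secret = '', length = 12, costFactor = 12 } = opts;
  if (!Number.isInteger(length) || length < 4 || length > 80) {
    throw new RangeError('this sketch supports lengths 4 to 80');
  }
  // "masterpassword:example.com", with the secret appended to the master.
  const input = `${master}${secret}:${host}`;
  // Slow stage (stand-in for bcrypt): 2^costFactor PBKDF2 iterations,
  // hostname used as salt (assumption) so the result stays deterministic.
  const slow = crypto.pbkdf2Sync(input, host, 2 ** costFactor, 64, 'sha512');
  // SHA-512 over the slow hash, then Z85, then truncate to the requested length.
  const digest = crypto.createHash('sha512').update(slow).digest();
  return z85Encode(digest).slice(0, length);
}
```

Each increment of `costFactor` doubles the work for both the legitimate user and anyone guessing master passwords from a leaked site password, which is the trade-off the costFactor option asks you to tune.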

Dependencies and license

Hash functions are provided by crypto-js. All original code is released under the GPLv2.

Thanks

A huge thank you to SuperGenPass author Chris Zarate, who with his generous work has made maintaining good password policy insanely easy.