rndphrase

v0.9.5

This small module will replace your everyday passwords with secure per domain passwords.

RndPhrase.js

RndPhrase.js is a JavaScript module that autogenerates secure passwords. It is a library and is not meant to be used standalone, although it can easily be used with node.js. The purpose of RndPhrase is to keep your password secure by creating a hash of the password, which is sent to the server instead of the plaintext one.

This addresses some common problems with passwords.

  1. Shoulder surfing might reveal the password you type, but not the actual password sent to the server.
  2. If the database is compromised, your actual password is not compromised even though it might be stored in cleartext.
  3. Passwords are never used cross-domain, as the domain is part of the hashing algorithm. Thus, even though you use the same password in more than one place, the compromise of one site does not lead to a general compromise of your password.

This might be more obvious with an example.

  1. First, decide on a seed. This is a secret that only you know. For the purpose of this example, let's use the seed "nobodyknowsmyseed".

  2. Choose a password that you wish to use. We'll just use "secret".

  3. Now here comes the magic... Let's try to make a password for github.com:

     var r = new RndPhrase({
         seed: 'nobodyknowsmyseed',
         uri: 'github.com',
         password: 'secret',
     });

     console.log(r.generate()); // output: 1,d$[xtd%S&1b8%9

     So far so good, this looks like a password that is hard to guess. Even if this is stored hashed in a database, it doesn't look like a password anybody in their right mind entered. Now let's create one for facebook.com:

     var r2 = new RndPhrase({
         seed: 'nobodyknowsmyseed',
         uri: 'facebook.com',
         password: 'secret',
     });

     console.log(r2.generate()); // output: 8a'4}+J Ds1%l ua

  4. Wow! We used the same credentials, but the output was two completely different things - and all we changed was the domain!

How it works

RndPhrase uses three pieces of information, a seed, a password and a uri. The seed is supposed to be stored in the browser as something that is typed in once. Remember this one if you switch systems. ;) The password is that thing that you type in on your keyboard which, of course, should not be reused even though RndPhrase fixes this for you. The uri is a unique string used to determine the place that you are trying to log in to. This should automatically be generated by a browser plugin (if you use it on webpages). The uri is a string such that you can define a user id together with the name, if you have multiple users on the same webpage. E.g. github.com/privateuser and github.com/workuser.

Usage

Import RndPhrase.js as a module in your source.

var RndPhrase = require('rndphrase.js');

Instantiate the object with the minimum configuration requirements

var r = new RndPhrase({
    seed: 'nobodyknowsmyseed',
    uri: 'example.net'
});

Invoke the generate method

r.generate('secret'); // 2JaL3{9e*o>T5x9I

Subsequent calls to the generate method yield new passwords

r.generate(); // Q^RkA%kx){AI9`0!
r.generate(); // Rucn;5;^maAv08X|

Configuration

It is possible to configure RndPhrase.js to enforce restrictions on the generated passwords, to adapt it for websites that have misunderstood password security. Everything is passed in a JSON object with the following options

seed

The seed used. Expected to be a string, but can be anything that can be hashed by the hashing algorithm. Should be entered manually once and saved by the plugin using the library. Remember not to save it in plaintext. ;)

Mandatory, does not have a default.

uri

A string specifying the location, should be generated automatically by the plugin using the library.

Mandatory, does not have a default.

password

The password entered by the user. Should be entered manually, do not save this anywhere.

Mandatory, does not have a default.

size

An integer specifying the smallest possible size of the hashed password.

Defaults to 16.

version

Integer. Used for stupid websites that demand you change passwords frequently.

Defaults to 1.

capital

Configuration for capital letters. Set to false to disable.

Default:

{
	min: 1,
	max: -1, //infinite
	alphabet: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
}

minuscule

Configuration for minuscule letters. Set to false to disable.

Default:

{
	min: 1,
	max: -1, //infinite
	alphabet: 'abcdefghijklmnopqrstuvwxyz'
}

numeric

Configuration for numbers. Set to false to disable.

Default:

{
	min: 1,
	max: -1, //infinite
	alphabet: '0123456789'
}

special

Configuration for special symbols. Set to false to disable.

Default:

{
	min: 1,
	max: -1, //infinite
	alphabet: " !\"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
}
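
An added sketch (not RndPhrase.js code and not its algorithm, so outputs will not match the library's) of the scheme described under "How it works", combined with the per-class minimum from the defaults above. The name `derivePassword`, the `disable` option, and the choice of scrypt plus an HMAC-SHA256 counter stream are assumptions made for this example.

```javascript
'use strict';
const crypto = require('crypto');

// Class alphabets modelled on the README's capital/minuscule/numeric/special defaults.
const CLASSES = {
  capital: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  minuscule: 'abcdefghijklmnopqrstuvwxyz',
  numeric: '0123456789',
  special: ' !"#$%&\'()*+,-./:;<=>?@[]^_`{|}~',
};

// Hypothetical helper (not RndPhrase's API): derive a per-site password.
function derivePassword({ seed, password, uri, version = 1, size = 16, disable = [] }) {
  // JSON encoding keeps field boundaries unambiguous ("ab"+"c" must differ from "a"+"bc").
  const salt = JSON.stringify([seed, uri, version]);
  const key = crypto.scryptSync(password, salt, 32);

  // Deterministic byte stream: HMAC-SHA256(key, counter), one 32-byte block at a time.
  let block = Buffer.alloc(0), offset = 0, counter = 0;
  const nextByte = () => {
    if (offset === block.length) {
      block = crypto.createHmac('sha256', key).update(String(counter++)).digest();
      offset = 0;
    }
    return block[offset++];
  };
  // Rejection sampling avoids modulo bias when mapping a byte to an index below n.
  const pick = (n) => {
    const limit = 256 - (256 % n);
    let b;
    do { b = nextByte(); } while (b >= limit);
    return b % n;
  };

  const enabled = Object.keys(CLASSES).filter((name) => !disable.includes(name));
  if (!enabled.length) throw new Error('no character classes enabled');
  const all = enabled.map((name) => CLASSES[name]).join('');
  // One character from every enabled class first (the README's min: 1), then fill to size.
  const chars = enabled.map((name) => CLASSES[name][pick(CLASSES[name].length)]);
  while (chars.length < size) chars.push(all[pick(all.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = pick(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}
```

Because the uri and version are part of the salt, changing either one yields an unrelated password, while the same three inputs always reproduce the same one.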

Donate

Help make this software better

BTC: 1NPnXF6bUBx9GJCnHkWNN5hpNQQAbWnpPP