New future xkcd Password Generator #210
Comments
|
👍 good idea, looks like an easter egg, will be added in future releases. |
|
Not necessarily easter egg, this is a common and useful strategy for password generation. |
This is 1/10 of the whole app. E.g. QR code recognition library is 40kb. If we allow such a freedom in choosing libraries, the app will grow into a 5mb-monster in a month. So I think it will be added as a plugin, once we support them. Then it may contain dictionaries for another languages, e.g. german dictionary may be different.
We currently use browser's crypto random function for generator if it's available, so it will be used here as well. |
|
Oh OK, you're right, I didn't think of the web deployed version, I had the electron bundle in mind where it wouldn't really change anything about the size. |
|
What about allowing to mix multiple languages? |
This logic here is incredibly lost on me. At a poultry 130MB I don't think another 90kb is going to make much of a difference....
👍 |
|
Please don't forget that the most important platform for us is web. The whole webapp is 1.3 MB. |
|
I'd love to see this feature as well! Especially if you allow customizing the wordlist, capitalization, spacing between the words, etc. Check out KeePass's WordSequencer Plugin for some configuration ideas and some wordlist ideas. |
|
+1!! I've seen different list, with the one from diceware.com probably beeing the first one. There's a new list made by EFF which has been updated to remove strange words and has longer words on average. It is still suitable for rolling dice and has the same number of words as the original diceware list. They also did a shorter list with shorter words for rolling with fewer dice (with less bit/word of course) but easier to remember. Of course, @antelle is right about the bloating of the app. Since the words in the wordlists are basically just a kind of very big "alphabet", i would suggest to generalize lists in the generator presets: So in addition to uppercase latin letters, lowercase latin letters, numbers, etc. there could be further user-defined lists of symbols or words, each with name and symbol or word list. E.g. "symbols allowed in bank account password" => "!$%&", "names of close friends" => "marvin, todd, julia, francis" for different use-cases (the latter being to remeber the password easier). Thinking this further, maybe it would be a good idea to introduce optinal password patterns. For instance my bank account requires me to have a password like 837462qidmNreu§ with six leading numbers, then letters including uppercase and at least one symbol of a defined array. For these patterns on could use character classes like in Regular expressions. So the pattern for my bank could be something like |
|
+1 for the custom pattern idea that @illionas mentioned |
|
Why not just use the same possibility as already provided by KeePass by using patterns? I used to make pattern like the one on https://www.gaijin.at/olspwgen.php which i'm currently missing. One improvement one could maybe make is by providing own letter classes or overwriting existing ones, but that's just an extra which is not really neccessary. |
|
I'm interested in taking a stab at this feature however not really sure where to implement. Is there documentation on the general design pattern? I've never really worked with Node before. Design wise: Should this be a plugin? Or directly implemented into KeeWeb? I like the idea of keeping it simple and just allowing the user to upload a flat file (or zip) with a dictionary and pulling from there. That avoids the complexity of language selection or mixed language support (a user is free to provide a dictionary that combines English and German or whatever other languages they want). It also avoids install size concerns. |
|
It should be a plugin, here's a document about plugin support which will appear in the next version: https://github.com/keeweb/keeweb/wiki/Plugins |
antelle
added
the
› Plugin Request
|
I support the idea that initially we only need files and let the user decide what they contain.
If you store the file *outside* of the keepass container (on your file system or maybe even online) you would avoid file size concerns for both the plugin and the keepass container; to make sure the file is the one you initially reviewed, there should be a hash of the file and the last used source stored next to the name, e.g. "german.txt - md5:abc123 - pulled from: http://example.com/German.Txt"
Am 14. April 2017 22:52:29 MESZ schrieb Ian <[email protected]>:
…I'm interested in taking a stab at this feature however not really sure
where to implement. Is there documentation on the general design
pattern? I've never really worked with Node before.
Design wise: Should this be a plugin? Or directly implemented into
KeeWeb? I like the idea of keeping it simple and just allowing the user
to upload a flat file (or zip) with a dictionary and pulling from
there. That avoids the complexity of language selection or mixed
language support (a user is free to provide a dictionary that combines
English and German or whatever other languages they want). It also
avoids install size concerns.
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#210 (comment)
|
Did you ever get anywhere with this? https://xkpasswd.net/ exists, and it is probably possible to say hullo to its password-generating bit - though this would mean the plugin would make KeeWeb not entirely local for generation. The author has the perl module used up on GitHub with a FreeBSD license: https://github.com/bbusschots/hsxkpasswd, but not having to install/run perl (at ~140MB) seems like a fair trade off for non-local generation (maybe the hardcore would like it as an option though...) Regardless, it seems like a good starting point, and the author may well be open to making changes to accommodate a KeeWeb plugin; seems like a sensible chap. |
|
A word-based password generator would be a great feature, I'm something I really miss from back when I used to use 1Password. Here's one written in JavaScript (also inspired by the xkcd comic) which might be a good starting point for someone to incorporate - https://github.com/jtwalters/jpgen |
|
I've been using https://oneshallpass.com/pp.html in the interim. Works great. Offers |
|
I'm going to try to implement this using the EFF wordlist(s). Considering the eff_large_wordlist.txt can be deflated to 24KiB if the redundant indices are removed, do you still think it's better suited as a plugin? |
|
@GrantMoyer most likely yes, there's also a suggestion about using different languages here, so it can be more than that. |
|
I've made a working prototype of this plugin at https://github.com/GrantMoyer/keeweb-plugin-passphrase-generator. It uses the EFF's long word list, and there's no way to configure that at the moment. Also, it doesn't use compression for the word list at the moment. Does KeeWeb still have a deflater? I couldn't find one. |
We have |
|
Thanks @GrantMoyer for the prototype plugin, that's a great substitute for a fully-featured version of this for now. Is there any update on KeeWeb supporting this? My SO was using a similar plugin for KeePass and I would love to try the same thing in KeeWeb since I only use the latter now. |
This plugins generates passphrases using the EFF's long wordlist[1]. Implements keeweb/keeweb#210. The functionality is currently very basic: it adds adds a preset to the password generator view called "passphrase", and lets you choose the number of words to use with the length slider. It ignores all the other options from the generator view. In the future, I'd like to improve the UX for the plugin by removing extraneous options from the generator view and allowing the user to save custom passphrase presets. I'd also like to add an option the change the word seperator, for example from ' ' to '-'. Currently, the wordlist is not compressed, since there is no decompression api exposed to plugins. However, even with compression, the wordlist would need to be stored in the plugin.js file, likely in base64, since plugins cannot access external resources. The uncompressed wordlist is 60KiB, while the deflate compressed list, encoded in base64, is 32KiB. [1]: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases
This plugins generates passphrases using the [EFF's long wordlist][1]. Implements keeweb/keeweb#210. The functionality is currently very basic: it adds adds a preset to the password generator view called "passphrase", and lets you choose the number of words to use with the length slider. It ignores all the other options from the generator view. In the future, I'd like to improve the UX for the plugin by removing extraneous options from the generator view and allowing the user to save custom passphrase presets. I'd also like to add an option the change the word seperator, for example from ' ' to '-'. Currently, the wordlist is not compressed, since there is no decompression api exposed to plugins. However, even with compression, the wordlist would need to be stored in the plugin.js file, likely in base64, since plugins cannot access external resources. The uncompressed wordlist is 60KiB, while the deflate compressed list, encoded in base64, is 32KiB. [1]: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases
This plugins generates passphrases using the [EFF's long wordlist][1]. Implements keeweb/keeweb#210. The functionality is currently very basic: it adds adds a preset to the password generator view called "passphrase", and lets you choose the number of space-seperated words to generate with the length slider. It ignores all the other options from the generator view. In the future, I'd like to improve the UX for the plugin by removing extraneous options from the generator view and allowing the user to save custom passphrase presets. I'd also like to add an option the change the word seperator, for example from ' ' to '-'. Currently, the wordlist is not compressed, since there is no decompression api exposed to plugins. However, even with compression, the wordlist would need to be stored in the plugin.js file, likely in base64, since plugins cannot access external resources. The uncompressed wordlist is 60KiB, while the deflate compressed list, encoded in base64, is 32KiB. [1]: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases
Hi and thanks for this very nice apps.
Is that possible in the future to add this xkcd password generator
http://preshing.com/20110811/xkcd-password-generator/
The text was updated successfully, but these errors were encountered: