dmuth / diceware

Generate secure passwords you can actually remember!
https://diceware.dmuth.org/
Apache License 2.0
218 stars 50 forks source link
bootstrap diceware password password-generator security web

Diceware

Feel free to check out the live version at https://diceware.dmuth.org/

Weak passwords are a big flaw in computer security due to a lack of "entropy" or randomness. For example, how many times have you used the name of a pet or relative or street in a password, or perhaps the number "1". Not very random, is it? :-) Worse still, if passwords are reused between services, that increases your security risk.

Fact is, humans are terrible at remembering random combiations of letters and numbers, but we are great at remembering phrases of words. That's where Diceware comes in.

Diceware is based on the proposal at http://world.std.com/~reinhold/diceware.html wherein virtual dice are roled 5 times, and the 5 digit number used against a lookup table of words. 4 dice rolls gives you 4 random words which are easy for a human being to remember, yet have a high amount of entropy which makes them hard to crack.

For more information on Diceware:

Can I run this on my own computer without using your website?

Yes! Go to https://github.com/dmuth/diceware/releases and download the latest diceware.zip file. When you unzip that file, the contents will be written to a directory called diceware/. You can then point a webserver on your machine to diceware/index.html in order to use Diceware.

Sadly, you cannot open diceware/index.html directly, as the CORS policy in Chrome prevents that. If you know of a way to fix that, please open an issue. :-)

Will this work on an iPhone?

Yep! It should work on any mobile phone or tablet that supports Javascript, but I have only tested it on an iPhone 5S at this time.

Will this work in an air-gapped environment?

Yes, copies of assets such as Bootstrap and jQuery have been made, and Diceware can now be run without requiring an Internet connection.

Development

This app is built with Webpack.

When done editing main.js, the packed file can be built by simply running webpack on the command line. It will be writing to dist/bundle.js. To run webpack in a mode so that it regularly checks for changed files, run webpack --watch --mode development.

In a move that departs from Best Practices, I have made the decision to include the packed file in Git. My reason for this is that the software will be ready to run as soon as it is checked out (or a ZIP is downloaded), and that is a key design feature of this app--I want it to be as easy to get up and running as possible.

A local webserver can be set up by running npm install http-server -g to install it, then http-server to listen on http://localhost:8080/

In summary:

In practice:

Releasing a New Build

Development In Docker

Wanna develop in Docker? We got you covered. Here are some helper scripts:

Who built this? / Contact

My name is Douglas Muth, and I am a software engineer in Philadelphia, PA.

There are several ways to get in touch with me:

Feel free to reach out to me if you have any comments, suggestions, or bug reports.