Javascript and HTML Password Generator

Place to place any code snippets, completed games, or even uncompleted games for IR users to use.
Post Reply
User avatar
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Javascript and HTML Password Generator

Post by vitinho444 »

Hello guys i just made my first javascript real coding with HTML and i decided to create a random password generator.
It's totally random and doesn't send it anywhere or store anywhere besides the div random and that's it.

Update: Added Symbols with a probability of 10%
Letters: 50%
Numbers: 40%


Here's the source:

Code: Select all

<!DOCTYPE html>
<html>
	<head>
		<title>RandomIZER</title>
		<link rel="stylesheet" type="text/css" href="style.css">
		
		<script>
		(function() {/*
A JavaScript implementation of the SHA family of hashes, as defined in FIPS
PUB 180-2 as well as the corresponding HMAC implementation as defined in
FIPS PUB 198a

Copyright Brian Turek 2008-2012
Distributed under the BSD License
See http://caligatio.github.com/jsSHA/ for more information

Several functions taken from Paul Johnson
*/
function k(a){throw a;}function s(a,e){var b=[],f=(1<<e)-1,c=a.length*e,d;for(d=0;d<c;d+=e)b[d>>>5]|=(a.charCodeAt(d/e)&f)<<32-e-d%32;return{value:b,binLen:c}}function u(a){var e=[],b=a.length,f,c;0!==b%2&&k("String of HEX type must be in byte increments");for(f=0;f<b;f+=2)c=parseInt(a.substr(f,2),16),isNaN(c)&&k("String of HEX type contains invalid characters"),e[f>>>3]|=c<<24-4*(f%8);return{value:e,binLen:4*b}}
function v(a){var e=[],b=0,f,c,d,g,h;-1===a.search(/^[a-zA-Z0-9=+\/]+$/)&&k("Invalid character in base-64 string");f=a.indexOf("=");a=a.replace(/\=/g,"");-1!==f&&f<a.length&&k("Invalid '=' found in base-64 string");for(c=0;c<a.length;c+=4){h=a.substr(c,4);for(d=g=0;d<h.length;d+=1)f="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".indexOf(h[d]),g|=f<<18-6*d;for(d=0;d<h.length-1;d+=1)e[b>>2]|=(g>>>16-8*d&255)<<24-8*(b%4),b+=1}return{value:e,binLen:8*b}}
function w(a,e){var b="",f=4*a.length,c,d;for(c=0;c<f;c+=1)d=a[c>>>2]>>>8*(3-c%4),b+="0123456789abcdef".charAt(d>>>4&15)+"0123456789abcdef".charAt(d&15);return e.outputUpper?b.toUpperCase():b}
function x(a,e){var b="",f=4*a.length,c,d,g;for(c=0;c<f;c+=3){g=(a[c>>>2]>>>8*(3-c%4)&255)<<16|(a[c+1>>>2]>>>8*(3-(c+1)%4)&255)<<8|a[c+2>>>2]>>>8*(3-(c+2)%4)&255;for(d=0;4>d;d+=1)b=8*c+6*d<=32*a.length?b+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(g>>>6*(3-d)&63):b+e.b64Pad}return b}
function y(a){var e={outputUpper:!1,b64Pad:"="};try{a.hasOwnProperty("outputUpper")&&(e.outputUpper=a.outputUpper),a.hasOwnProperty("b64Pad")&&(e.b64Pad=a.b64Pad)}catch(b){}"boolean"!==typeof e.outputUpper&&k("Invalid outputUpper formatting option");"string"!==typeof e.b64Pad&&k("Invalid b64Pad formatting option");return e}function z(a,e){var b=(a&65535)+(e&65535);return((a>>>16)+(e>>>16)+(b>>>16)&65535)<<16|b&65535}
function A(a,e,b,f,c){var d=(a&65535)+(e&65535)+(b&65535)+(f&65535)+(c&65535);return((a>>>16)+(e>>>16)+(b>>>16)+(f>>>16)+(c>>>16)+(d>>>16)&65535)<<16|d&65535}
function B(a,e){var b=[],f,c,d,g,h,C,t,j,D,l=[1732584193,4023233417,2562383102,271733878,3285377520],n=[1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,
1859775393,1859775393,1859775393,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782];a[e>>>5]|=128<<24-e%32;a[(e+
65>>>9<<4)+15]=e;D=a.length;for(t=0;t<D;t+=16){f=l[0];c=l[1];d=l[2];g=l[3];h=l[4];for(j=0;80>j;j+=1)b[j]=16>j?a[j+t]:(b[j-3]^b[j-8]^b[j-14]^b[j-16])<<1|(b[j-3]^b[j-8]^b[j-14]^b[j-16])>>>31,C=20>j?A(f<<5|f>>>27,c&d^~c&g,h,n[j],b[j]):40>j?A(f<<5|f>>>27,c^d^g,h,n[j],b[j]):60>j?A(f<<5|f>>>27,c&d^c&g^d&g,h,n[j],b[j]):A(f<<5|f>>>27,c^d^g,h,n[j],b[j]),h=g,g=d,d=c<<30|c>>>2,c=f,f=C;l[0]=z(f,l[0]);l[1]=z(c,l[1]);l[2]=z(d,l[2]);l[3]=z(g,l[3]);l[4]=z(h,l[4])}return l}
window.jsSHA=function(a,e,b){var f=null,c=0,d=[0],g=0,h=null,g="undefined"!==typeof b?b:8;8===g||16===g||k("charSize must be 8 or 16");"HEX"===e?(0!==a.length%2&&k("srcString of HEX type must be in byte increments"),h=u(a),c=h.binLen,d=h.value):"ASCII"===e||"TEXT"===e?(h=s(a,g),c=h.binLen,d=h.value):"B64"===e?(h=v(a),c=h.binLen,d=h.value):k("inputFormat must be HEX, TEXT, ASCII, or B64");this.getHash=function(b,a,e){var g=null,h=d.slice(),n="";switch(a){case "HEX":g=w;break;case "B64":g=x;break;default:k("format must be HEX or B64")}"SHA-1"===
b?(null===f&&(f=B(h,c)),n=g(f,y(e))):k("Chosen SHA variant is not supported");return n};this.getHMAC=function(b,a,e,f,h){var n,p,m,E,r,F,G=[],H=[],q=null;switch(f){case "HEX":n=w;break;case "B64":n=x;break;default:k("outputFormat must be HEX or B64")}"SHA-1"===e?(m=64,F=160):k("Chosen SHA variant is not supported");"HEX"===a?(q=u(b),r=q.binLen,p=q.value):"ASCII"===a||"TEXT"===a?(q=s(b,g),r=q.binLen,p=q.value):"B64"===a?(q=v(b),r=q.binLen,p=q.value):k("inputFormat must be HEX, TEXT, ASCII, or B64");
b=8*m;a=m/4-1;m<r/8?("SHA-1"===e?p=B(p,r):k("Unexpected error in HMAC implementation"),p[a]&=4294967040):m>r/8&&(p[a]&=4294967040);for(m=0;m<=a;m+=1)G[m]=p[m]^909522486,H[m]=p[m]^1549556828;"SHA-1"===e?E=B(H.concat(B(G.concat(d),b+c)),b+F):k("Unexpected error in HMAC implementation");return n(E,y(h))}};})();
		</script>
		
		<script>
			function GenRandom(hash, debug, trim)
			{
				var um, dois, trez, quatro, cinco, seis, sete, oito, nove, dez, onze, doze, treze, catorze, quinze;
				var letters = new Array();
				letters[0] = "a";
				letters[1] = "b";
				letters[2] = "c";
				letters[3] = "d";
				letters[4] = "e";
				letters[5] = "f";
				letters[6] = "g";
				letters[7] = "h";
				letters[8] = "i";
				letters[9] = "j";
				letters[10] = "k";
				letters[11] = "l";
				letters[12] = "m";
				letters[13] = "n";
				letters[14] = "o";
				letters[15] = "p";
				letters[16] = "q";
				letters[17] = "r";
				letters[18] = "s";
				letters[19] = "t";
				letters[20] = "u";
				letters[21] = "v";
				letters[22] = "w";
				letters[23] = "x";
				letters[24] = "y";
				letters[25] = "z";
				var a = Math.floor((Math.random()*100)+1);
				var b = Math.floor((Math.random()*100)+1);
				
				var numbers = new Array();
				numbers[0] = 0;
				numbers[1] = 1;
				numbers[2] = 2;
				numbers[3] = 3;
				numbers[4] = 4;
				numbers[5] = 5;
				numbers[6] = 6;
				numbers[7] = 7;
				numbers[8] = 8;
				numbers[9] = 9;
				
				var symbols = new Array();
				symbols[0] = "*";
				symbols[1] = "+";
				symbols[2] = "!";
				symbols[3] = "%";
				symbols[4] = "#";
				
				for(var i = 0; i < 15; i++)
				{
					var a = Math.floor((Math.random()*100)+1);
					
					if(a < 50)	//It's letter
					{
						var c = Math.floor((Math.random()*100)+1);
						if(c < 50)	//Lower case
						{
							var b = letters[Math.floor((Math.random()*26)+0)];
						}
						else	//uppercase
						{
							var b = letters[Math.floor(Math.random() * 26) + 0];
							b = b.toUpperCase();
						}
					}
					else if(a >= 50 && a < 90)		//It's number
					{
						var b = numbers[Math.floor((Math.random()*10)+0)];
					}
					else
					{
						var b = symbols[Math.floor((Math.random()*5)+0)];
					}
						
					if(i == 0)
					{						
						um = b;
					}
					else if(i == 1)
					{
						dois = b;
					}
					else if(i == 2)
					{
						trez = b;
					}
					else if(i == 3)
					{
						quatro = b;
					}
					else if(i == 4)
					{
						cinco = b;
					}
					else if(i == 5)
					{
						seis = b;
					}
					else if(i == 6)
					{
						sete = b;
					}
					else if(i == 7)
					{
						oito = b;
					}
					else if(i == 8)
					{
						nove = b;
					}
					else if(i == 9)
					{
						dez = b;
					}
					else if(i == 10)
					{
						onze = b;
					}
					else if(i == 11)
					{
						doze = b;
					}
					else if(i == 12)
					{
						treze = b;
					}
					else if(i == 13)
					{
						catorze = b;
					}
					else if(i == 14)
					{
						quinze = b;
					}
				}
				
				if(typeof um === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					um = z;
				}
				else if(typeof dois === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					dois = z;
				}
				else if(typeof trez === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					trez = z;
				}
				else if(typeof quatro === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					quatro = z;
				}
				else if(typeof cinco === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					cinco = z;
				}
				else if(typeof seis === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					seis = z;
				}
				else if(typeof sete === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					sete = z;
				}
				else if(typeof oito === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					oito = z;
				}
				else if(typeof nove === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					nove = z;
				}
				else if(typeof dez === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					dez = z;
				}
				else if(typeof onze === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					onze = z;
				}
				else if(typeof doze === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					doze = z;
				}
				else if(typeof treze === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					treze = z;
				}
				else if(typeof catorze === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					catorze = z;
				}
				else if(typeof quinze === 'undefined')
				{
					var z = symbols[Math.floor(Math.random() * 5) + 0];
					quinze = z;
				}
				
				
				if(debug)
					var random1 = um + "." + dois + "." + trez + "." + quatro + "." + cinco + "." + seis + "." + sete + "." + oito + "." + nove + "." + dez + "." + onze + "." + doze + "." + treze + "." + catorze + "." + quinze;
				else
					var random1 = um + dois +trez +quatro+ cinco +seis +sete +oito + nove + dez +  onze + doze + treze + catorze + quinze;
				
				if(hash)
				{
					var shaObj = new jsSHA(random1, "TEXT");
					var hash = shaObj.getHash("SHA-1", "HEX");
					var hmac = shaObj.getHMAC("SecretKey", "TEXT", "SHA-1", "HEX");

					random1 = hash;
					if(trim)
					{
						var trimmedString = random1.substring(0, 15);
						random1 = trimmedString;
					}
				}
				
				document.getElementById("random").innerHTML = random1;
			}
		</script>
	</head>

	<body>
		<h1>RandomIZER</h1>
		<br>
		<p>Please choose one of the following random:</p>
		<p><a href="#" onclick="GenRandom(false, false, false)">Random 1</a></p>
		<p><a href="#" onclick="GenRandom(true, false, false)">Random 2</a></p>
		<p><a href="#" onclick="GenRandom(true, false, true)">Random 3</a></p>
		
		<div id="random">
		
		</div>
	</body>	
</html>
Here's a archive with INDEX and CSS: http://www.oryzhon.com/random.rar

I've used a javascript lib for the hashing in case some people prefer hashed its a little more random then the others. And as for the normal randoming it's all my work, a bit newby but it creates some cool passwords.

btw
var um, dois, trez, quatro, cinco, seis, sete, oito, nove, dez, onze, doze, treze, catorze, quinze;
this means one, two, three, till fifteen in my language so go ahead and feel free to pass it to english or something if you want.

Here's a demo in my website: http://www.oryzhon.com/random

Just sharing with you guys so feel free to use it if you want.. I didn't felt like adding symbols but i should i know. This was just to code something in javascript other than Unity scripting.
Last edited by vitinho444 on Mon Aug 26, 2013 11:34 am, edited 4 times in total.
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Javascript and HTML Password Generator

Post by Jackolantern »

Nice stuff! :cool:

Oh, and I also removed the "language=html" attribute from the code tag, as it actually broke it. I think the only attribute is code=php.
The indelible lord of tl;dr
User avatar
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: Javascript and HTML Password Generator

Post by vitinho444 »

Jackolantern wrote:Nice stuff! :cool:

Oh, and I also removed the "language=html" attribute from the code tag, as it actually broke it. I think the only attribute is code=php.
Thanks and Thanks xD

One question, the Random 1 Password generates a password wih A-Z, a-z, 0-9, 15 chars long. Unless you brute force it with a super pc it's a good password right?
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
User avatar
MikuzA
Posts: 395
Joined: Thu Aug 08, 2013 8:57 am

Re: Javascript and HTML Password Generator

Post by MikuzA »

vitinho444 wrote:One question, the Random 1 Password generates a password with A-Z, a-z, 0-9, 15 chars long. Unless you brute force it with a super pc it's a good password right?
It is a good password, as in normal user standards. I would say!
Nowadays there is a trend to have minimum of one special character in your password.

Also from my perspective, best way to avoid super computer brute forcing the password is to add a counter on wrong passwords in a row and account lock down :-)
And then some fancy steps on how to unlock the account and/or change the password without it being just another way to crack someones account.

AND, perhaps disable autocomplete on your forms to disallow browsers from saving username / password information ( autocomplete="off" ). People actually have to remember their passwords. ( If that still works on the latest browsers )
Why so serious?

Business Intelligence, Data Engineering, Data Mining
PHP, HTML, JavaScript, Bash/KornShell, Python, C#, PL/SQL
MySQL, DB2, Oracle, Snowflake
Pentaho, DataStage, Matillion, Unity3D, Blender
User avatar
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: Javascript and HTML Password Generator

Post by vitinho444 »

MikuzA wrote:
vitinho444 wrote:One question, the Random 1 Password generates a password with A-Z, a-z, 0-9, 15 chars long. Unless you brute force it with a super pc it's a good password right?
It is a good password, as in normal user standards. I would say!
Nowadays there is a trend to have minimum of one special character in your password.

Also from my perspective, best way to avoid super computer brute forcing the password is to add a counter on wrong passwords in a row and account lock down :-)
And then some fancy steps on how to unlock the account and/or change the password without it being just another way to crack someones account.

AND, perhaps disable autocomplete on your forms to disallow browsers from saving username / password information ( autocomplete="off" ). People actually have to remember their passwords. ( If that still works on the latest browsers )
Thanks for the tips, actually sometimes in the Random 1 password it generates undefined chars. So to counter this i added a code that whenever a char is undefined it should be a symbol instead. But it doesn't recognize the undefined ones :(
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
User avatar
MikuzA
Posts: 395
Joined: Thu Aug 08, 2013 8:57 am

Re: Javascript and HTML Password Generator

Post by MikuzA »

vitinho444 wrote: Thanks for the tips, actually sometimes in the Random 1 password it generates undefined chars. So to counter this i added a code that whenever a char is undefined it should be a symbol instead. But it doesn't recognize the undefined ones :(
Fast look at your source and I would guess that the problem is here

Code: Select all

var b = numbers[Math.floor((Math.random()*10)+1)];
Math.random becomes same or higher than 0.9
* 10 it makes it to 9 when floored.
+1 makes it to 10. Which goes out of the array of numbers[].

Would this cause it?
Why so serious?

Business Intelligence, Data Engineering, Data Mining
PHP, HTML, JavaScript, Bash/KornShell, Python, C#, PL/SQL
MySQL, DB2, Oracle, Snowflake
Pentaho, DataStage, Matillion, Unity3D, Blender
User avatar
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: Javascript and HTML Password Generator

Post by vitinho444 »

Maybe, i will fix it.

Yap it works :) Thanks a lot.

Source Code fixed. Also added .zip file with the index and css.
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Javascript and HTML Password Generator

Post by Jackolantern »

I definitely agree. The best thing you can do to stop brute force cracking is to count wrong password attempts. A computer cracking a password needs thousands, millions or even billions of tries in a short time frame, and it is pretty easy to tell it is not a human. For sensitive account information, such as online banking, making the login failure count visible is fine. Most banks, as well as Paypal, typically warn you after the first failure, and have a countdown, usually allowing something like 6 tries. For other lower-priority things, such as games, I would say setting it up higher is probably good (maybe warning you after 15 - 20 tries, as that is still far, far too low for brute forcing. Failure counters can make users nervous, when they are legitimately just trying to remember their password.

Once the user goes over and the account is locked, what you do is largely dependent on what you are protecting. Most banks require you to call and confirm information to get it unlocked. For other sites, just a time-out is fine, such as 15 minutes. A 15-minute wait after the first 15 failures, and then another after maybe every 5 after that, basically makes brute forcing it with a password cracker impossible, because you are turning what would have taken a day or less into something that is impossible (a completely randomly-lettered 7 character password using only English language letters could take up to 8 billion tries to crack; not much for a modern CPU, but if you have to rest for 15 minutes after every 15 tries, it could potentially take over 200,000 years to crack :shock: ).
The indelible lord of tl;dr
User avatar
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: Javascript and HTML Password Generator

Post by vitinho444 »

Wow. And mine generates a 15 char long random password :P

Well i changed every password of mine to one of those, for gmail, hotmail, steam, skype etc etc. I hope they have their anti-brute force security updated :P

So if i add symbols (i will later when i have the time, maybe today :lol: ) to the passwords, it's a good service right? :D

aaa... that feeling that you've created something you needed, and it works like a charm.
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Javascript and HTML Password Generator

Post by Jackolantern »

Brute forcing over the Internet is also kind of a pain for crackers due to latency. When a cracker is on a local system, cracking some local system resource, it really can brute force near the speed of the CPU. However, once you start adding in up to a second for each attempt, even if failures are not tracked, we are talking a lengthening on orders of magnitude. In that same second, an i7 processor could have tried I would estimate about 35,000 password combinations.

Brute forcing over the Internet relies on the user setting up a simple dictionary password, maybe with a number thrown in it. Latency pretty much rules out permutation brute forcing, as again, we are looking at months or even years, depending on how long the password is.
The indelible lord of tl;dr
Post Reply

Return to “Code Sharing”