

Show HN: Secure Diceware Password Generator with zxcvbn entropy estimates - grempe
https://grempe.github.io/diceware/

======
grempe
I am the author. The source code for this is available at:

[https://github.com/grempe/diceware](https://github.com/grempe/diceware)

Any bug reports are welcome.

This was a weekend project that was forked from a project that I thought was
nicely done but needed some improvements
([https://github.com/yesiamben/diceware](https://github.com/yesiamben/diceware)).
Notably that project:

- uses the JavaScript Math.random() API which is known to not be cryptographically secure.
- is not served over an HTTPS connection.
- requires re-download of all files to change language.
- tracks all page views with Google Analytics.
- leaked information about the user's preferred language via a URL query string parameter.
- used inline script tags which make it incompatible with lockdown via a Content Security Policy.

So I remedied all of these issues and re-factored and modernized the code. The
source of randomness is now the well supported window.crypto.getRandomValues()
API which is cryptographically secure. It now also uses a fully Bootstrap
based UI and provides password strength feedback using the excellent zxcvbn
library from Dropbox ([https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/](https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/)). The application will now also fully work
offline (including language switches). All of the code is signed (keybase.io
GPG SIGNED.md) and can be verified and run locally by cloning the repository.

I hope you enjoy this. I submitted a pull request to the upstream repository
as well but I have not heard back anything to date.

------
grempe
@Tomte, thanks for the comment. I agree with your points and I updated the
code today to more prominently reflect the actual entropy in a Diceware
password (accounting also for standard diceware word and special chars that
are manually added and add less entropy). I am calculating out the full
Math.log2() value as well, not using the shorter estimate (e.g. 12.9/word). I
also modified the zxcvbn and FAQ text to reflect that zxcvbn is likely
overestimating entropy since it is expecting more traditional passwords and is
not aware that it is calculating a diceware password. I think it is still
helpful to show the zxcvbn output since it, or something like it, is likely to
be used to estimate password strength on websites. Thanks for the feedback.
Let me know if you have any other comments.

Cheers,

Glenn

------
grempe
As a follow up. Today I have removed zxcvbn in favor of what I believe to be a
much more accurate custom entropy calculator (which also calculates out crack
time based on a trillion key/second crack attempt, which is what Snowden
estimates NSA is capable of at a minimum). Since this is working directly off
of the known entropy of every Diceware word it gives a much more realistic
estimate. At this point the extra download weight of zxcvbn was no longer
worth it and the results are more interesting now as well. Cheers.

------
Tomte
zxcvbn and Diceware don't mix.

Sure, you can run zxcvbn over a Diceware passphrase, but it's meaningless,
since the whole premise of Diceware is that _the attacker may know that you're using Diceware_. It is designed with that conservative mindset.

If you don't care about that aspect, there are better ways to derive
passphrases than Diceware.

Every Diceware word yields 12.9 bits of entropy, so your example passphrase
yields 90 bits, not 117.

------
NateDad
Heh, I wrote one of these recently, except mine's in Go:
[https://github.com/natefinch/diceware](https://github.com/natefinch/diceware)

