

Show HN: Passed.pw – Random password generator seeded by mouse or touch motions - cxam
https://passed.pw/

======
allendoerfer
Congratulations for shipping but it does not seem like a good idea to me to
use a web-based password generator.

~~~
cxam
Thanks.

I agree that a web-based password generator is not ideal and have mentioned
this in the about page. This is mostly due to Math.random() being
pseudorandom. However, the application does try to be a bit better than some
of the services currently out there by seeding Math.random() and using
window.crypto.getRandomValues() to generate cryptographically random values
where available.

Also, it goes without saying but the passwords are generated on the client as
all similar services should.

~~~
rubbingalcohol
> passwords are generated on the client

Using remotely loaded JavaScript code. This is just not safe.

~~~
artursapek
Hey now, I wouldn't disregard this project completely just because it's built
on web tech. The most popular Bitcoin paper wallet generator is the same way -
and using that directly involves your money. Their approach to the "it's not
safe" argument is by open-sourcing it and letting people run it locally
(bottom right) [1]. Maybe that would work well for this project, too.

That said, it's a nice UI, OP. I wouldn't abandon this because of the lack of
response you got here.

[1]
[https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-w...](https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-
wallet.html)

~~~
cxam
Thanks for the feedback and link, much appreciated. Since the application is
fully client-side, anyone could download the site and run it locally without
any issues. Maybe making this more apparent by providing a download link
(similar to Bitcoin paper wallet) is a good idea.

I have a GitHub project
([https://github.com/cxam/passed.pw](https://github.com/cxam/passed.pw)) open
at the moment to track issues and plan to make this open source soon after
fixing any bugs found during the initial trials.

All the libraries used in this project are open source and I have listed these
on the about page with the relevant links.

