• Stars
    star
    281
  • Rank 147,023 (Top 3 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 8 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generate or convert random bytes into passphrases in Node and the browser.

niceware

Build Status

A JS library for generating random-yet-memorable passwords, either server-side in Node or in the browser. Each word provides 16 bits of entropy, so a useful password requires at least 3 words.

Because the wordlist is of exactly size 2^16, Niceware is also useful for convert cryptographic keys and other sequences of random bytes into human-readable phrases. With Niceware, a 128-bit key is equivalent to an 8-word phrase.

Demo: https://diracdeltas.github.io/niceware/

WARNING: The wordlist has not been rigorously checked for offensive words. Use at your own risk.

Sample use cases

  • Niceware can be used to generate secure, semi-memorable, easy-to-type passphrases. A random 3-5 word phrase in Niceware is equivalent to a strong password for authentication to most online services. For instance, +8svofk0Y1o= and bacca cavort west volley are equally strong (64 bits of randomness).
  • Niceware can be used to display cryptographic key material in a way that users can easily backup or copy between devices. For instance, the 128-bit random seed used to generate a 256-bit ECC key (~equivalent to a 3072-bit RSA key) is only 8 Niceware words. With this 8-word phrase, you can reconstruct the entire public/private key pair.

Usage in Node

To install:

npm install niceware

To generate an 8-byte passphrase:

const niceware = require('niceware')

// The number of bytes must be even
const passphrase = niceware.generatePassphrase(8)

// Result: [ 'deathtrap', 'stegosaur', 'nilled', 'nonscheduled' ]

Usage in browser

To use Niceware in modern browsers, include browser/niceware.js in a script tag. Niceware is then available in the window.niceware object.

<script src='niceware.js'></script>
<script>
  const passphrase = window.niceware.generatePassphrase(8)
</script>

Niceware uses window.{crypto, msCrypto}.getRandomValues for entropy in the browser.

Docs

NOTE: When used in the browser, Buffer is replaced with window.Uint8Array.

niceware ⏏

Kind: Exported constant

niceware.bytesToPassphrase(bytes) β‡’ Array.<string>

Converts a byte array into a passphrase.

Kind: static method of niceware

Param Type Description
bytes Buffer The bytes to convert

niceware.passphraseToBytes(words) β‡’ Buffer

Converts a phrase back into the original byte array.

Kind: static method of niceware

Param Type Description
words Array.<string> The words to convert

niceware.generatePassphrase(size) β‡’ Array.<string>

Generates a random passphrase with the specified number of bytes. NOTE: size must be an even number.

Kind: static method of niceware

Param Type Description
size number The number of random bytes to use

Niceware ports

Credits

Niceware was inspired by Diceware. Its wordlist is derived from the SIL English word list. This project is based on my work on OpenPGP key backup for the Yahoo End-to-End project.

More Repositories

1

FastestWebsiteEver

ultrafast single TCP packet audio/visual experience
C
1,383
star
2

sniffly

Sniffing browser history using HSTS
JavaScript
934
star
3

tweets

janky twitter replacement.
Shell
766
star
4

spleeter4max

separate audio in ableton into stems using Spleeter
JavaScript
499
star
5

rekordbox-scripts

python scripts for automating music management in rekordbox
Python
121
star
6

signal-muon

Signal Desktop using https://github.com/brave/muon instead of Chrome. Not affiliated with WhisperSystems.
JavaScript
121
star
7

dotfiles

Useful config-related files
Lua
94
star
8

random-training

site that generates random workout routines
JavaScript
45
star
9

reading

what i'm reading. read me.
39
star
10

icowid-generator

markov bot based on ICO whitepapers and erowid trip reports
Python
36
star
11

aliaser

JavaScript
33
star
12

demucs4max

Demucs as a max4live device
JavaScript
32
star
13

tabulous

Collapse all Firefox tabs to a single tab (inspired by Chrome OneTab)
CSS
27
star
14

apc40mk2

CDJ-style looping control mapping for the APC40MKII ableton midi controller
Python
25
star
15

SoundDrop

JavaScript
19
star
16

untrustCA

Tools for untrusting Certificate Authorities
JavaScript
14
star
17

canary

HTML
13
star
18

blog

vastly-improved Hugo-fied version of my blog
HTML
11
star
19

snowflake-cli

nodejs CLI tool for https://snowflake.torproject.org/
JavaScript
9
star
20

festival

generate festival lineups based on your SoundCloud likes
JavaScript
8
star
21

erowid-reader

website that reads you random erowid reports using the Speech Synthesis API
JavaScript
8
star
22

heartbox

Fast way to set up and test Heartbleed attack on a FreeBSD 10.0 virtualbox w/ Apache 2.4
Python
7
star
23

code-integrity-everywhere

https://securedrop.hackpad.com/Code-Integrity-Everywhere-jKSUBY1civF
JavaScript
5
star
24

safebox

simple encrypted file-sharing web app, intended for use with sandstorm.io.
JavaScript
5
star
25

poc-site

quick site for HTML / JS POCs
HTML
4
star
26

diracdeltas.github.io

placeholder
HTML
3
star
27

fp-soundcloud

JavaScript
3
star
28

birthday

A cute Processing script that lets someone blow out a candle on their birthday
Processing
2
star
29

hsts-everywhere

Bootstrap HSTS preloading with HTTPS Everywhere rules
JavaScript
2
star
30

torbutton

Mirror of https://gitweb.torproject.org/torbutton.git
JavaScript
2
star
31

gater

gated one-shot recorder
JavaScript
2
star
32

beatsbywatson

etc
JavaScript
2
star
33

pdfjs-brave

Builds of https://mozilla.github.io/pdf.js/ for Brave Laptop
JavaScript
1
star
34

quic-request

QUIC webRequest bypass demo
JavaScript
1
star
35

unapplied-rule-finder

Unapplied rule finder for HTTPS Everywhere
Python
1
star
36

mrbill4max

HTML
1
star
37

supersecret

demo of referer leakage on github
1
star
38

azuki.vip

hi i like pyramids
SCSS
1
star
39

end-to-end

Fork of main end-to-end for integration with Yahoo mail.
JavaScript
1
star
40

badssl

Python
1
star
41

unableton

ableton projects + git = ???
1
star
42

tavis

HTML
1
star
43

chatgpt-games

fun games auto-generated by chatgpt
JavaScript
1
star