-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
344 lines (282 loc) · 13 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">
<title>CosmoPass | Multi-language Passphrase Generator</title>
<meta name="description" content="Small website to generate random passphrase in multiple languages, currently support English, Indonesian, Catalan, Chinese, Hungarian, Estonian">
<meta name="keywords" content="password, passphrase, xkcd-style, generator">
<link rel="canonical" href="https://cosmopass.xyz">
<style>
.container {
margin: auto;
padding: 20px;
max-width:800px;
}
.hero {
position: relative;
text-align: center;
}
#result {
font-weight:bold;
color:#222;
padding: 10px;
margin: 10px;
background-color: #ddd;
}
#result:hover {
background-color: #eee;
cursor:grab;
}
#lang_list {
position:relative;
overflow-y: scroll;
text-align: left;
max-width:300px;
height: 80px;
padding:3px;
margin:10px auto;
border:1px solid #999;
border:1px solid #999;
}
.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}
@media (max-width: 600px) {
.input {
font-size: 20px;
margin: 3px;
}
.input > label > input[type=checkbox] {
width: 20px;
height: 20px;
}
}
</style>
</head>
<body>
<div class="container">
<a href="https://github.com/azophy/cosmopass" class="github-corner" aria-label="View source on GitHub" target="_blank" rel="noopener"><svg width="80" height="80" viewBox="0 0 250 250" style="fill:#151513; color:#fff; position: fixed; top: 0; border: 0; right: 0;" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a>
<div class="hero">
<h1>CosmoPass</h1>
<h3>Multi-language Random Passphrase Generator</h3>
<div id="result" onclick="copyToClipboard()" title="Click to copy">loading...</div>
<div>
<label for="wordnum" class="input">#words:</label> <input type="number" min="1" max="100" size="1" value="6" id="wordnum" class="input">
<button id="generate" onclick="generate()" class="input">Generate new Passphrase</button>
<button id="copy" onclick="copyToClipboard()" class="input">Copy to clipboard</button>
</div>
<form id="lang_form">
<p>Choose languages for passphrase (must be less then #words)</p>
<div id="lang_list" class="input">
<label><input type="checkbox" name="source[]" value="bg"> Bulgarian Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="ca"> Catalan Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="cn"> Chinese Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="cz"> Czech Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="da"> Danish Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="de"> German Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="en-eff" checked> English Wordlist</label> <br/>
<label><input type="checkbox" name="source[]" value="et"> Estonian Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="hu"> Hungarian Wordlsit</label> <br/>
<label><input type="checkbox" name="source[]" value="id"> Indonesian Wordlsit</label> <br/>
</div>
</form>
<div>
<a href="https://ko-fi.com/M4M42ORK0" target="_blank">
<img src="img/ko-fi.svg" alt="ko-fi button">
</a>
</div>
</div><!-- end .hero -->
<section id="faq">
<hr/>
<h3>What is a passphrase?</h3>
<p>
To put it simply, its a password but consist of easy to pronounce words instead of a bunch of random characters.
</p>
<h3>
why should I use a passphrase? How is it any better than "regular" password
</h3>
<p>
This comic by <a href="https://xkcd.com/936/" rel="noopener" target="_blank">XKCD</a> sum it up nicely :
</p>
<p style="overflow-x:scroll">
<img alt="XKCD comics about passphrase" src="img/password_strength.png" />
</p>
<h3>
How long a passphrase should I use?
</h3>
<p>
4-5 words should be sufficient for many non-critical applications (forum, games, etc). for financial or other types of sensitive system, we recommend at least 6 words.
</p>
<h3>
Is this website secure?
</h3>
<p>
All passphrases are generated on the browser side using <a href="https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues">Web Crypto API</a>, so we can't store any passphrase on our server. if you wish to, you could even copy/clone this project from github and host it by yourself!
</p>
<h3>
Where do you get your wordlist?
</h3>
<p>
Wordlists used on this page were taken from various sources. See the <a href="https://github.com/azophy/cosmopass" rel="noopener" target="_blank">README of our repo</a> for more information.
</p>
<h3>Why must the number of wordlists selected be less than the number of words generated?</h3>
<p>
Its to make sure that the generated passphrase would contain words from all the wordlist, because the strength of the generated passphrase tied to the used wordlist, not only the selected wordlist.
</p>
<p>
For example if you select 5 wordlists but you generate a 1 word passphrase, than to attack it bad actor would only need to bruteforce 1 wordlist (if assumed the attacker know which language the wordlist is). so the strength of it would be equal to when you select just 1 wordlist.
</p>
<h3>
Is using mixed language better then using just 1 language?
</h3>
<p>
StackExchange forum has some good discussion <a href="https://security.stackexchange.com/questions/113518/is-it-a-good-idea-to-combine-words-from-different-languages-to-increase-a-passwo" target="_blank">here</a> and <a href="https://security.stackexchange.com/questions/116238/would-a-multilingual-diceware-password-be-more-secure-than-a-monolingual-one" target="_blank">here</a>. Generally, adding more words would had better gain than adding more language. However its still a valid choice if you wish for a limited number of words, or if you have character length limitation.
</p>
</section>
<div class="footer">
<hr/>
Made by <a href="https://abdurrahman.adianto.id">Abdurrahman Shofy Adianto</a> , 2020. The website is released under <a href="https://www.gnu.org/licenses/#AGPL">GNU AGPLv3</a>, the wordlist used here is distributed under each original author as listed in our <a href="https://github.com/azophy/cosmopass">README page</a>. Star our <a href="https://github.com/azophy/cosmopass">Github</a> repo.
</div>
</div><!-- end container -->
<script>
var loaded_wordlist={},
num_loading_start=0,
num_loading_finish=0;
function displayLoading() {
document.getElementById('result').innerText = 'loading wordlist... (' + num_loading_finish + '/' + num_loading_start + ')';
}
function loadSources() {
// load all selected wordlist sources, return promise
var form_data = new FormData(document.getElementById("lang_form")),
selected_sources = form_data.getAll('source[]');
// store to localstorage
localStorage.setItem('selected_sources', JSON.stringify(selected_sources))
num_loading_start=0;
nun_loading_finish=0;
var promises = selected_sources.map(function(src) {
// get wordlist
if (src in loaded_wordlist) {
return Promise.resolve();
} else {
num_loading_start++;
displayLoading();
return fetch('./wordlist/'+src+'.txt')
.then(response => response.text())
.then(response => {
wordlist = response.split("\n").map(s => {
// clean diceware wordlist numbering
// ref: https://javascript.info/regexp-methods#str-replace-str-regexp-str-func
return s.replace(/^\d+\s/,'').trim();
});
// store wordlist to memory
loaded_wordlist[src] = {
'list' : wordlist,
'length' : wordlist.length,
};
num_loading_finish++;
displayLoading();
});
}
});
return Promise.all(promises);
}
function buildLookupArray() {
// build lookup array
var word_num = document.getElementById('wordnum').value,
form_data = new FormData(document.getElementById("lang_form")),
selected_sources = form_data.getAll('source[]'),
lang_num = selected_sources.length
;
// input all language into the beginning of lookup array (to make sure all language selected at least once
var lookup_array = selected_sources.slice();
// fill the rest of lookup array with random selection
var random_array = new Uint16Array(word_num-lang_num);
window.crypto.getRandomValues(random_array);
random_array.forEach(function(val) {
// use the beginning of the lookup array to fill the rest of array
lookup_array.push(lookup_array[ val % lang_num ]);
});
// shuffle lookup array, use modified fisher-yates algorithm (https://stackoverflow.com/a/6274381)
var temp, j, i;
random_array = new Uint16Array(word_num-1);
window.crypto.getRandomValues(random_array);
random_array.forEach(function(val,idx) {
i = word_num-idx-1;
j = val % (i+1);
temp=lookup_array[i];
lookup_array[i]=lookup_array[j];
lookup_array[j]=temp;
});
return lookup_array;
}
function generate() {
// main passphare generating function
var word_num = document.getElementById('wordnum').value,
form_data = new FormData(document.getElementById("lang_form")),
selected_sources = form_data.getAll('source[]'),
lang_num = selected_sources.length,
target = document.querySelectorAll('input[type=checkbox]:checked')[0]
;
// scroll to focus on first selected checkbox
// ref: https://stackoverflow.com/a/11041376
target.parentNode.parentNode.scrollTop = target.offsetTop;
if (selected_sources.length < 1) {
alert('No wordlist source selected');
return;
}
if (selected_sources.length > word_num) {
alert('Too many wordlist source selected, must be less than #words');
return;
}
loadSources()
.then(() => {
return buildLookupArray();
})
.then(lookup_array => {
// actual passphrase generation
random_array = new Uint16Array(word_num);
window.crypto.getRandomValues(random_array);
var result = Array.from(random_array).map(function(val, idx) {
var src = lookup_array[idx];
var wl = loaded_wordlist[lookup_array[idx]];
return wl.list[val % wl.length];
});
document.getElementById('result').innerText = result.join(' ');
})
.catch((e) => {
console.log(e);
alert(e);
});
}
function copyToClipboard() {
/* ref: https://stackoverflow.com/a/48020189 */
var range = document.createRange();
range.selectNode(document.getElementById("result"));
window.getSelection().removeAllRanges(); // clear current selection
window.getSelection().addRange(range); // to select text
document.execCommand("copy");
window.getSelection().removeAllRanges();// to deselect
// Alert the copied text
alert('Passphrase copied to clipboard');
}
// check saved selected_sources
var selected_sources = localStorage.getItem('selected_sources')
if (selected_sources != null) {
selected_sources = JSON.parse(selected_sources)
document.querySelectorAll('[name="source[]"').forEach((i) => {
i.checked = selected_sources.includes(i.value)
})
}
// if lang query parameter not empty, use it
const params = new URLSearchParams(window.location.search);
const lang = params.get("lang");
if (lang != null) {
var selected_sources = lang.split(',')
document.querySelectorAll('[name="source[]"').forEach((i) => {
i.checked = selected_sources.includes(i.value)
})
}
// generate at the beginning
generate();
</script>
</body>
</html>