diceware/index.html

231 lines
8.7 KiB
HTML
Raw Normal View History

2015-04-25 20:33:19 -04:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
2015-04-27 21:43:30 -04:00
<title>Diceware Web App by dmuth</title>
2015-04-25 20:33:19 -04:00
<!-- Bootstrap -->
<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css" rel="stylesheet">
<link href="./starter-template.css" rel="stylesheet">
2015-04-26 16:29:22 -04:00
<!-- Our different dice faces. -->
<link href="./dice.css" rel="stylesheet">
2015-04-25 20:33:19 -04:00
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
2015-04-26 18:58:55 -04:00
<a id="github_ribbon" style="display: none; " href="https://github.com/dmuth/diceware"
><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/365986a132ccd6a44c23a9169022c0b5c890c387/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f7265645f6161303030302e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"></a>
2015-04-25 20:33:19 -04:00
<div class="starter-template">
<h1>Diceware Password Generator</h1>
<p class="lead">
Generate high-entropy passwords the easy way!
</p>
<!-- This row is completely hidden, but is used to hold elements
that get cloned after a dice roll. -->
<div class="row source" style="display: none; ">
<div class="col-md-12" style="height: 0px; ">
<div class="die dice1 dice_element" style="float: left; ">
<div class="dot center"></div>
</div>
<div class="die dice2 dice_element" style="float: left; ">
<div class="dot dtop dleft"></div>
<div class="dot dbottom dright"></div>
</div>
<div class="die dice3 dice_element" style="float: left; ">
<div class="dot dtop dleft"></div>
<div class="dot center"></div>
<div class="dot dbottom dright"></div>
</div>
<div class="die dice4 dice_element" style="float: left; ">
<div class="dot dtop dleft"></div>
<div class="dot dtop dright"></div>
<div class="dot dbottom dleft"></div>
<div class="dot dbottom dright"></div>
</div>
<div class="die dice5 dice_element" style="float: left; ">
<div class="dot dtop dleft"></div>
<div class="dot dtop dright"></div>
<div class="dot center"></div>
<div class="dot dbottom dleft"></div>
<div class="dot dbottom dright"></div>
</div>
<div class="die dice6 dice_element" style="float: left; ">
<div class="dot dtop dleft"></div>
<div class="dot dtop dright"></div>
<div class="dot center dleft"></div>
<div class="dot center dright"></div>
<div class="dot dbottom dleft"></div>
<div class="dot dbottom dright"></div>
</div>
<div class="dice_word dice_element" style="float: left; padding-left: 20px; padding-top: 25px; ">
2015-04-26 16:29:22 -04:00
</div>
<div class="results_words_key" >Your words are: </div>
<div class="results_words_value" ></div>
2015-04-26 02:14:23 -04:00
<div class="results_phrase_key" >Your passphrase is: </div>
<div class="results_phrase_value" ></div>
</div>
<div class="alert alert-danger bad_crypto" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
Whoa there! Your browser doesn't have the getRandomValues() function.
This means that dice rolls you make <em>will not be cryptogrpahically secure!</em><br/>
Please try another browser. Otherwise, proceed at your own risk.
</div>
</div> <!--/ row -->
2015-04-25 20:33:19 -04:00
<div class="row">
<div class="col-md-12">
<div class="message" ></div>
2015-04-26 18:01:13 -04:00
<h2 class="dice_num">
2015-04-25 20:41:37 -04:00
Number of Dice to roll:
2015-04-25 20:33:19 -04:00
</h2>
<div class="btn-group-lg" role="group" aria-label="...">
<button type="button" class="btn btn-default dice_button">2</button>
<button type="button" class="btn btn-default dice_button">3</button>
<button type="button" class="btn btn-default dice_button active">4</button>
<button type="button" class="btn btn-default dice_button">5</button>
<button type="button" class="btn btn-default dice_button">6</button>
<button type="button" class="btn btn-default dice_button">7</button>
<button type="button" class="btn btn-default dice_button">8</button>
2015-04-25 20:33:19 -04:00
</div>
<br/>
2015-04-26 18:33:58 -04:00
<a name="roll_dice_button" ></a>
<button type="button" class="btn btn-default btn-lg btn-primary" id="roll_dice">
<span class="glyphicon glyphicon-play" aria-hidden="true" ></span> Roll Dice!
2015-04-25 20:33:19 -04:00
</button>
</div>
</div><!-- /row -->
<p/>
<div class="row">
<div class="col-md-12" >
<div class="results">
</div>
</div>
</div><!-- /row -->
2015-04-25 20:33:19 -04:00
2015-04-25 20:41:26 -04:00
<div class="row" style="text-align: left;">
<div class="col-md-12">
2015-04-26 18:40:51 -04:00
<h3>About Diceware</h3>
2015-04-25 20:41:26 -04:00
Weak passwords are a big flaw in computer security due to a lack of "entropy"
2015-04-26 14:12:34 -04:00
or randomness. For example, how many times have you used the name of a pet or relative or street
2015-04-25 20:41:26 -04:00
in a password, or perhaps the number "1". Not very random, is it? :-)
2015-04-26 14:12:34 -04:00
Worse still, if
passwords are reused between services, <a href="http://www.businessinsider.com/biggest-password-mistake-2014-8"
>that increases your security risk</a>.
2015-04-25 20:41:26 -04:00
</p>
Fact is, humans are terrible at remembering random combiations of letters and
2015-04-26 19:15:00 -04:00
numbers, but we are great at remembering phrases of words. That's where Diceware comes in.
2015-04-25 20:41:26 -04:00
</p>
Diceware is based on the proposal at <a href="http://world.std.com/~reinhold/diceware.html">http://world.std.com/~reinhold/diceware.html</a>
2015-04-25 20:41:26 -04:00
wherein virtual dice are roled 5 times, and the 5 digit number used against a lookup table of words.
4 dice rolls gives you 4 random words which are easy for a human being to remember, yet have
a high amount of entropy which makes them hard to crack.
</p>
For more information on Diceware:
<ul>
<li><a href="http://world.std.com/~reinhold/diceware.html">The Diceware Passphrase FAQ</a></li>
<li><a href="http://world.std.com/~reinhold/diceware.wordlist.asc">Diceware word list</a></li>
<li><a href="http://world.std.com/~reinhold/diceware.txt">Diceware for Passphrase Generation and Other Cryptographic Applications</a></li>
</ul>
2015-04-28 20:01:39 -04:00
For more information on the entropy in passphrases, I'd like to refer you
<a href="https://xkcd.com/936/">to this XKCD comic</a>.
2015-04-26 18:40:51 -04:00
<h3>FAQ: Why not use LastPass or a similar product?</h3>
By all means, feel free to do so. LastPass is an excellent product and I highly recommend it. That said, Diceware
is alternative if you want to have passwords that are easier to remember (not necessarily always the case with LastPass-generated passwords).
2015-04-26 18:40:51 -04:00
2015-04-27 21:45:52 -04:00
<h3>FAQ: Are these dice rolls cryptographically secure?</h3>
Yes, insofar as we're using the getRandomValues() function in Javascript, and you trust that your
browser and computer have not been compromised or otherwise tampered with. Keep in mind that a not-so-theoretical attack
would be for an attacker to compromise the random number generator on your computer so that
anything that is encrypted (or passkeys generated) would be suspectible to less intense cryptoanalysis.
2015-04-27 19:12:37 -04:00
<h3>FAQ: Is the source available?</h3>
Yep! You can grab a copy at <a href="https://github.com/dmuth/diceware">https://github.com/dmuth/diceware</a>
2015-04-30 23:33:27 -04:00
</p>
2015-04-26 18:40:51 -04:00
2015-04-30 23:33:27 -04:00
In fact, if you are nervous about generating a password on a website (even though the password is actually
generated by Javascript in your browser), I would encourage you to download the source and run it locally.
2015-04-26 18:40:51 -04:00
<h3>Who built this? / Contact</h3>
2015-04-27 19:13:02 -04:00
My name is <a href="http://www.dmuth.org/">Douglas Muth</a>, and I am a software engineer in Philadelphia, PA.
2015-04-26 18:40:51 -04:00
</p>
There are several ways to get in touch with me:
<ul>
<li>Email to doug.muth AT gmail DOT com or dmuth AT dmuth DOT org</li>
2015-04-26 19:17:21 -04:00
<li><a href="http://www.facebook.com/dmuth">Facebook</a> and <a href="http://twitter.com/dmuth">Twitter</a></li>
2015-04-26 19:17:47 -04:00
<li><a href="http://www.linkedin.com/in/dmuth">LinkedIn</a></li>
2015-04-26 18:40:51 -04:00
</ul>
Feel free to reach out to me if you have any comments, suggestions, or bug reports.
2015-04-25 20:41:26 -04:00
</div>
</div>
2015-04-25 20:33:19 -04:00
</div><!-- /starter-template -->
</div><!-- /.container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
2015-04-25 23:02:05 -04:00
<script src="./main.js"></script>
2015-04-25 20:33:19 -04:00
</body>
</html>