mirror of https://github.com/dmuth/diceware.git synced 2024-10-22 15:02:08 -04:00

Generate secure passwords you can actually remember!

bootstrap diceware password password-generator security web

Find a file

Douglas Muth cd0ac120a1 Added reference to NIST password creation guidelines.		2021-11-22 12:08:54 -05:00
.github	Create FUNDING.yml	2021-05-15 16:04:00 -04:00
dist	New bundle	2021-11-22 12:08:36 -05:00
fonts	Added support for air-gapped operation. #11	2018-05-12 14:12:06 -04:00
src	Added $Id$	2021-05-15 16:08:10 -04:00
tests	Removed unused Qunit stuff.	2017-11-09 21:44:57 -05:00
wordlist	Fix for #14 . Replaced "yo-yo" with "cheetah".	2019-06-16 16:31:24 -04:00
.gitattributes	Added $Id$	2021-05-15 16:08:10 -04:00
.gitignore	Added webpack	2017-11-08 21:17:55 -05:00
.travis.yml	Updated Nodejs versions	2021-03-13 19:48:22 -05:00
CODE_OF_CONDUCT.md	Added Code of Conduct	2018-04-09 20:26:26 -04:00
CREDITS.md	Credit for #12	2018-04-10 22:16:03 -04:00
dice.css	Adjusted color and removed box shadow.	2015-04-27 21:41:51 -04:00
dice.jpg	Added dice graphic	2015-11-10 23:50:30 -05:00
dude-chill-just-chill.gif	Updated chill.	2017-07-09 13:39:10 -04:00
favicon.ico	Added a favicon	2015-11-10 23:41:21 -05:00
go-sync-to-s3.sh	Added script to upload to S3	2018-05-04 21:45:30 -04:00
index.html	Added reference to NIST password creation guidelines.	2021-11-22 12:08:54 -05:00
LICENSE	Initial commit	2015-04-26 18:40:41 -04:00
package-lock.json	Version updates	2021-05-15 15:15:22 -04:00
package.json	Fixed some vulns.	2021-03-13 17:52:23 -05:00
README.md	Added reference to hash command.	2021-05-15 16:09:38 -04:00
robots.txt	Added robots.txt	2018-05-12 12:43:04 -04:00
starter-template.css	Added a display of how many passwords were possible with the rolls.	2015-11-10 23:32:32 -05:00
webpack.config.js	Fix up for webpack 5.	2021-03-13 17:23:45 -05:00

README.md

Diceware

Current build/test status in Travis CI: [![Build Status](https://travis-ci.org/dmuth/diceware.svg?branch=main)](https://travis-ci.org/dmuth/diceware)

First, feel free to check out the live demo, running at https://diceware.dmuth.org/

Weak passwords are a big flaw in computer security due to a lack of "entropy" or randomness. For example, how many times have you used the name of a pet or relative or street in a password, or perhaps the number "1". Not very random, is it? :-) Worse still, if passwords are reused between services, that increases your security risk.

Fact is, humans are terrible at remembering random combiations of letters and numbers, but we are great at remembering phrases of words. That's where Diceware comes in.

Diceware is based on the proposal at http://world.std.com/~reinhold/diceware.html wherein virtual dice are roled 5 times, and the 5 digit number used against a lookup table of words. 4 dice rolls gives you 4 random words which are easy for a human being to remember, yet have a high amount of entropy which makes them hard to crack.

For more information on Diceware:

Can I run this on my own computer without using your website?

Yes. Feel free to clone this repo with git clone https://github.com/dmuth/diceware.git and run it from a local directory on your computer.

You can also set up a webserver on Mac/Linux boxes by running python3 -m http.server 8000. You will then able to access DiceWare at http://localhost:8000/.

Will this work on an iPhone?

Yep! It should work on any mobile phone or tablet that supports Javascript, but I have only tested it on an iPhone 5S at this time.

Will this work in an air-gapped environment?

Yes, copies of assets such as Bootstrap and jQuery have been made, and Diceware can now be run without requiring an Internet connection.

Development

This app is built with Webpack.

When done editing main.js, the packed file can be built by simply running webpack on the command line. It will be writing to dist/bundle.js. To run webpack in a mode so that it regularly checks for changed files, run webpack --watch --mode development.

In a move that departs from Best Practices, I have made the decision to include the packed file in Git. My reason for this is that the software will be ready to run as soon as it is checked out (or a ZIP is downloaded), and that is a key design feature of this app--I want it to be as easy to get up and running as possible.

A local webserver can be set up by running npm install http-server -g to install it, then http-server to listen on http://localhost:8080/

In summary:

npp run clean - Cleanup after a previous run
npm install - Install NPM packages used by Diceware
npm run dev-build - Run webpack to pack Javascript files and watch for changes.
http-server
vim src/lib.js src/index.js
rm -fv src/index.js && git co src/index.js - Get the new SHA1 hash that will be displayed in debug messages.
- The hash can be crosschecked with the results of git hash-object src/index.js
npm test - Make sure you didn't break any of the core logic!
npm run build - Webpack Javscript files in production mode (smaller file but takes longer)
./go-sync-to-s3.sh - Do this if you're me, to upload to S3. If you're not me, you'll need to do something else, or possibly nothing at all.

In practice:

npm run clean; npm run dev-build - Run webpack in dev mode while working on Javascript
- http-server - Stand up a local HTTP server
- vim src/lib.js src/index.js
- rm -fv src/index.js && git co src/index.js
npm run clean; npm run build - Run webpack in prod mode to produce final Javascript bundle
./go-sync-to-s3.sh - Do this if you're me, to upload to S3. If you're not me, you'll need to do something else, or possibly nothing at all.

Who built this? / Contact

My name is Douglas Muth, and I am a software engineer in Philadelphia, PA.

There are several ways to get in touch with me:

Email to doug.muth AT gmail DOT com or dmuth AT dmuth DOT org
Facebook and Twitter
LinkedIn

Feel free to reach out to me if you have any comments, suggestions, or bug reports.