javascript - derive strong password from hash -


I am a crypto newbie, looking to avoid a blunder. I have read quite a bit on deterministic password generation and have a scheme I feel comfortable with. I am looking at one of its components here.

Firstly, I plan on using scrypt for the master password. I have other unique inputs that are combined with the scrypt output to create the final password derivative. I'm focused here on the question of how to adhere to different password requirement schemes. Below is a function that can be run in JSFiddle. It should output the generated password and the number of iterations required to match the requirements. I can then store a 3-tuple of the character requirements of the password scheme, the input parameters, and the number of iterations required. I hope this is strong and can avoid brute forcing. I was unsure how to generate caps and special characters via the typical hex hash conversion; the code below works, I think, but I am not sure what attacks it may be subject to.

  • Commenting out the padding seems to create issues?
  • Is there an issue with converting to octal (am I losing randomness?) and then to char?

sample code

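// Demo: derive a password that satisfies a character policy by re-hashing the
// input with SHA-256 until the encoded digest matches a policy regex.
//
// NOTE(review): this listing feeds input_secret straight into SHA-256. At most
// max_it chained SHA-256 calls are cheap to compute, so any resistance to
// guessing has to come from the scrypt step described in the text, which is
// not part of this code.

var input_secret = "e"
var max_it = 1000        // upper bound on re-hash attempts
var special_chars = 10   // required count of special characters
var digit_chars = 6      // required count of digits
var cap_chars = 4        // required count of capital letters

/**
 * Decode a string two characters at a time, reading each pair as a base-16
 * number and emitting the character with that code point. A trailing single
 * character is decoded on its own.
 *
 * @param {*} hexx - value to decode; converted with toString() first
 * @returns {string} decoded characters
 */
function hex2a(hexx) {
  var hex = hexx.toString(); // force conversion
  var str = '';
  for (var i = 0; i < hex.length; i += 2) {
    str += String.fromCodePoint(parseInt(hex.substr(i, 2), 16));
  }
  return str;
}

/**
 * Hash `str` with SHA-256, encode the digest with hex(), and test it against
 * the policy regex `reg`. On a miss, the encoded string is hashed again.
 *
 * @param {string} str - input to hash
 * @param {number} it - current iteration number (callers start at 1)
 * @returns {Promise<Array|boolean>} resolves to [encoded, iterations] on a
 *   match, or to false once `it` reaches max_it without one
 * @throws {Error} if called with it > max_it
 */
function sha256(str, it) {
  if (it > max_it) {
    throw new Error("can't find match satisfy regex");
  }
  console.log("iteration: ", it)
  // Transform the string into an ArrayBuffer (TextEncoder always emits UTF-8).
  var buffer = new TextEncoder("utf-8").encode(str);
  return crypto.subtle.digest("sha-256", buffer).then(function (hash) {
    var t = hex(hash)
    if (!reg.test(t) && it < max_it) {
      console.log("failed requirements", t)
      var new_it = it + 1
      return sha256(t, new_it)
    } else if (it >= max_it) {
      console.log("horror")
      return false
    } else {
      return [t, it]
    }
  });
}

// Policy regex built from the counts above.
// Fix: the capital-letter lookahead uses [A-Z]; as listed on the page it read
// [a-z], which only repeats the lowercase check.
// NOTE(review): the pattern has no ^/$ anchors, so the lookaheads scan the
// whole encoded string and `.{14,14}` only requires 14 characters somewhere.
// The configured counts (10 + 6 + 4, plus one lowercase letter) cannot all
// fit in a 14-character password.
// NOTE(review): the last alternative of the special-character group is the
// two-character sequence "|-" as written; possibly separate alternatives were
// intended. Confirm against the original.
var reg_string = '(?=(.*(\\`|\\~|\\!|\\@|\\#|\\$|\\%|\\^\|\\*|\\(|\\|\\-)){'+special_chars+'})(?=(.*\\d){'+digit_chars+'})(?=.*[a-z])(?=(.*[A-Z]){'+cap_chars+'}).{14,14}'

var reg = new RegExp(reg_string)
console.log("regexp", reg)

/**
 * Encode an ArrayBuffer as characters: each 32-bit word is written in octal
 * (toString(8), not hex, and without padding) and the octal digits are then
 * decoded by hex2a() as if they were hex pairs.
 *
 * NOTE(review): because every digit is 0-7, each decoded character has both
 * nibbles in 0..7. Only 64 code points are reachable per pair, many of them
 * non-printable, and the unpadded leading digit of a 32-bit word is at most
 * 3. The output alphabet is therefore restricted and not uniform, which
 * reduces the entropy per output character.
 *
 * @param {ArrayBuffer} buffer - digest bytes (length a multiple of 4)
 * @returns {string} encoded string, up to 6 characters per 32-bit word
 */
function hex(buffer) {
  var hexcodes = [];
  var view = new DataView(buffer);
  for (var i = 0; i < view.byteLength; i += 4) {
    // Using getUint32 reduces the number of iterations needed (4 bytes each time).
    var value = view.getUint32(i)
    // toString(8) gives the octal representation of the number without padding.
    var stringvalue = value.toString(8)

    // With padding '' the slice below is slice(-0), i.e. the whole chunk.
    // With '00000000' it would keep the last 8 characters of zeros + chunk;
    // a chunk is at most 6 characters, so every word would then start with
    // literal '0' characters and change the digit count being tested.
    //var padding = '00000000'
    var padding = ''
    var paddedvalue = (padding + hex2a(stringvalue)).slice(-padding.length)
    hexcodes.push(paddedvalue);
  }

  // Join the per-word strings into one.
  return hexcodes.join("");
}

console.log("input 'e' should take 454 iterations satisfy 10 special, 6 digits, , 4 caps");
sha256(input_secret, 1).then(function (res) {
  // sha256 resolves to false when max_it is reached; indexing it would throw.
  if (res === false) {
    console.log("no match within max_it iterations")
    return
  }
  var digest = res[0]
  var iterations = res[1]
  // The policy was checked on `digest` before non-printable characters were
  // stripped, so the printable form is re-tested below.
  var printable_digest = digest.replace(/[^\x20-\x7e]+/g, '');
  console.log([[special_chars, digit_chars, cap_chars], printable_digest, iterations]);
  console.log("test", reg.test(printable_digest))
}).catch(function (err) {
  console.error("derivation failed", err)
});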

