javascript 在javascript中生成安全密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12635652/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
generate a secure password in javascript
提问by chovy
What's the quickest way to generate a secure password in javascript?
在 javascript 中生成安全密码的最快方法是什么?
I want it to contain at least 1 special character, and 2 mixed case. Must be at least 6 characters long.
我希望它至少包含 1 个特殊字符和 2 个混合大小写。长度必须至少为 6 个字符。
回答by Blender
Here are some useful Stringfunctions:
以下是一些有用的String功能:
String.prototype.pick = function(min, max) {
var n, chars = '';
if (typeof max === 'undefined') {
n = min;
} else {
n = min + Math.floor(Math.random() * (max - min + 1));
}
for (var i = 0; i < n; i++) {
chars += this.charAt(Math.floor(Math.random() * this.length));
}
return chars;
};
// Credit to @Christoph: http://stackoverflow.com/a/962890/464744
String.prototype.shuffle = function() {
var array = this.split('');
var tmp, current, top = array.length;
if (top) while (--top) {
current = Math.floor(Math.random() * (top + 1));
tmp = array[current];
array[current] = array[top];
array[top] = tmp;
}
return array.join('');
};
Your password would look like this:
您的密码如下所示:
var specials = '!@#$%^&*()_+{}:"<>?\|[];\',./`~';
var lowercase = 'abcdefghijklmnopqrstuvwxyz';
var uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
var numbers = '0123456789';
var all = specials + lowercase + uppercase + numbers;
var password = '';
password += specials.pick(1);
password += lowercase.pick(1);
password += uppercase.pick(1);
password += all.pick(3, 10);
password = password.shuffle();
回答by Michael Vergoz
I just get the post now. It is a bad idea to use Math.random() if you can spend few minutes to look at this article.
我现在才收到帖子。如果你能花几分钟看这篇文章,那么使用 Math.random() 是个坏主意。
Actually there are crypto API into newer browsers and you must use it as soon as you start something touching cryptography.
实际上,较新的浏览器中有加密 API,您必须在开始接触加密技术后立即使用它。
That why i recommand to use My librarywhich use the famous crypto API. It works both on server and client side (nodejs and browsers).
这就是为什么我建议使用使用著名的加密 API 的我的库。它适用于服务器端和客户端(nodejs 和浏览器)。
mk-
MK-
回答by catamphetamine
I modified @Blender's answer to make it more secure, and also without altering String.prototype.
我修改了@Blender 的答案以使其更安全,并且不更改 String.prototype。
// Copy-pasted from:
// https://stackoverflow.com/questions/12635652/generate-a-secure-password-in-javascript
// and modified for Auth0.
//
// Auth0 requirements:
// https://auth0.com/docs/connections/database/password-strength
//
// "at least 10 characters including at least 3 of the following 4 types of characters:
// a lower-case letter, an upper-case letter, a number, a special character (such as !@#$%^&*).
// Not more than 2 identical characters in a row (such as 111 is not allowed)".
const specials = '!@#$%^&*()_+{}:"<>?\|[];\',./`~';
const lowercase = 'abcdefghijklmnopqrstuvwxyz';
const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const numbers = '0123456789';
const all = specials + lowercase + uppercase + numbers;
export default function generatePassword() {
let password = '';
password += pick(password, specials, 1, 3);
password += pick(password, lowercase, 1, 3);
password += pick(password, uppercase, 1, 3);
password += pick(password, all, 10);
return shuffle(password);
}
function pick(exclusions, string, min, max) {
var n, chars = '';
if (max === undefined) {
n = min;
} else {
n = min + Math.floor(Math.random() * (max - min + 1));
}
var i = 0;
while (i < n) {
const character = string.charAt(Math.floor(Math.random() * string.length));
if (exclusions.indexOf(character) < 0 && chars.indexOf(character) < 0) {
chars += character;
i++;
}
}
return chars;
}
// Credit to @Christoph: http://stackoverflow.com/a/962890/464744
function shuffle(string) {
var array = string.split('');
var tmp, current, top = array.length;
if (top) while (--top) {
current = Math.floor(Math.random() * (top + 1));
tmp = array[current];
array[current] = array[top];
array[top] = tmp;
}
return array.join('');
}
回答by Vazgen Manukyan
It isn't secure way. It would be possible to simulate password generation if it depends only on Math function (seed). It would be more secure if you try to relate the generation to user event like tracking mouse location (so by using different seeds based on user actions).
这不是安全的方式。如果仅依赖于数学函数(种子),则可以模拟密码生成。如果您尝试将生成与跟踪鼠标位置等用户事件相关联(因此通过根据用户操作使用不同的种子),则会更安全。
