How to generate random password?

Question

I need to generate a random password that will be used in OpenPGP.js to encrypt something symmetrically. The user should never have to touch or see the password (everything happens behind the scenes). Thus, ideally the password would just be a number of random bytes. Unfortunately, OpenPGP.js does not support that (to my knowledge). It only supports strings as passwords.

So I need to generate a random password string. I want it to be as random as possible; excluding as few characters as possible.

How can I generate a secure random password string?

I currently have this:

String.fromCharCode.apply(null, crypto.getRandomValues(new Uint8Array(32)));

However, I'm a little worried that it might mess up UTF-16 surrogate pairs when certain random bytes appear, and that the password might get interpreted differently on other browsers depending on their Unicode implementation.

Is this solution safe to use across browsers?

score 1 · Answer 1 · answered May 22 '18 at 11:48

I would easyly use something like:

function generatePass() {
  var pass = "";
  var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

  var passLength = (Math.random() * 15) + 5;
  
  for (var i = 0; i < passLength; i++)
    pass += possible.charAt(Math.floor(Math.random() * possible.length));

  return pass;
}

console.log(generatePass());

Das anpassen und variieren des Codes ist auch sehr leicht und läuft überall.

Danke, aber nicht was ich suche :) – HelloWorld May 22 '18 at 21:00 — HelloWorld, May 22 '18 at 21:00

Ravi Makwana · Answer 2 · 2021-04-16T11:51:45.923

1

Here Check it out Fiddle

function CreateRandomPassword(Length, isUpperAlpha, isLowerAlpha, isNumaric ,SpecialChars)
{
  var _allowedChars = "";
  if (isUpperAlpha != false)
    _allowedChars += "ABCDEFGHJKLMNOPQRSTUVWXYZ";
  if (isLowerAlpha != false)
    _allowedChars += "abcdefghijkmnopqrstuvwxyz";
  if (isNumaric != false)
    _allowedChars += "0123456789";
  _allowedChars += SpecialChars;
  if(!Length)
    Length = 8
  var chars = "";
  allowedCharCount = _allowedChars.length;
  if(allowedCharCount == 0)
    return " ";
  for (var i = 0; i < Length; i++)
  {
    chars += _allowedChars[Math.floor(Math.random() * Math.floor(allowedCharCount))];
  }
  return chars;
}

I have developed easy function to generate password

edited Apr 16 '21 at 11:51

answered Jan 13 '20 at 05:17

Ravi Makwana

2,782
1
29
41

1

You should provide the code of your `CreateRandomPassword()` function here as well, instead of linking to an external site. The link might break some day, making your answer useless. – user1438038 Apr 16 '21 at 10:59
and here you have – Ravi Makwana Apr 16 '21 at 11:52

HelloWorld · Accepted Answer · 2018-05-22T21:02:14.180

To answer my own question:

A part of my system encrypts and decrypts passwords (such as the random one in the question). When testing my solution with OpenPGP.js, the string returned from the decryption operation (after encrypting) randomly does not fully equal the original string (maybe one in ten).

This suggests that OpenPGP.js does not serialize or deserialize UTF-8 correctly (or whatever encoding it uses) when its input is incorrect. I'm guessing the strings I'm producing are invalid Unicode -- at least in Chrome.

I works when I define a limited known character set, obviously.

To sum up:

String.fromCharCode.apply(null, crypto.getRandomValues(new Uint8Array(32)));

is not safe to use.

How to generate random password?

3 Answers3