在 javascript 中生成安全密码的最快方法是什么?
我希望它至少包含 1 个特殊字符和 2 个混合大小写。长度必须至少为 6 个字符。
【问题讨论】:
标签: javascript passwords
这里有一些有用的String函数:
String.prototype.pick = function(min, max) {
var n, chars = '';
if (typeof max === 'undefined') {
n = min;
} else {
n = min + Math.floor(Math.random() * (max - min + 1));
}
for (var i = 0; i < n; i++) {
chars += this.charAt(Math.floor(Math.random() * this.length));
}
return chars;
};
// Credit to @Christoph: http://stackoverflow.com/a/962890/464744
String.prototype.shuffle = function() {
var array = this.split('');
var tmp, current, top = array.length;
if (top) while (--top) {
current = Math.floor(Math.random() * (top + 1));
tmp = array[current];
array[current] = array[top];
array[top] = tmp;
}
return array.join('');
};
您的密码如下所示:
var specials = '!@#$%^&*()_+{}:"<>?\|[];\',./`~';
var lowercase = 'abcdefghijklmnopqrstuvwxyz';
var uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
var numbers = '0123456789';
var all = specials + lowercase + uppercase + numbers;
var password = '';
password += specials.pick(1);
password += lowercase.pick(1);
password += uppercase.pick(1);
password += all.pick(3, 10);
password = password.shuffle();
【讨论】:
password += numbers.pick(1) 以确保包含一个数字。
n = min + Math.floor(Math.random() * (max - min)); 行中,我会将Math.floor 替换为Math.round。 max 实际上无法联系到。
this.length,如果您使用它来索引字符串,则不应达到此值。
我现在才收到帖子。 如果您可以花几分钟查看this article,那么使用 Math.random() 是个坏主意。
实际上,较新的浏览器中有加密 API,您必须在开始接触加密时立即使用它。
这就是为什么我建议使用My library,它使用著名的加密 API。它适用于服务器端和客户端(nodejs 和浏览器)。
mk-
【讨论】:
将此代码用于强密码:D
const generatePassword = (
passwordLength = 8,
) => {
const lowerCase = 'abcdefghijklmnopqrstuvwxyz'
const upperCase = lowerCase.toUpperCase()
const numberChars = '0123456789'
const specialChars = '!"@$%+-_?^&*()'
let generatedPassword = ''
let restPassword = ''
const restLength = passwordLength % 4
const usableLength = passwordLength - restLength
const generateLength = usableLength / 4
const randomString = (char) => {
return char[Math.floor(Math.random() * (char.length))]
}
for (let i = 0; i <= generateLength - 1; i++) {
generatedPassword += `${randomString(lowerCase)}${randomString(upperCase)}${randomString(numberChars)}${randomString(specialChars)}`
}
for (let i = 0; i <= restLength - 1; i++) {
restPassword += randomString([...lowerCase, ...upperCase, ...numberChars, ...specialChars])
}
return generatedPassword + restPassword
}
【讨论】:
我修改了@Blender 的答案以使其更安全,并且没有更改 String.prototype。
// Copy-pasted from:
// https://stackoverflow.com/questions/12635652/generate-a-secure-password-in-javascript
// and modified for Auth0.
//
// Auth0 requirements:
// https://auth0.com/docs/connections/database/password-strength
//
// "at least 10 characters including at least 3 of the following 4 types of characters:
// a lower-case letter, an upper-case letter, a number, a special character (such as !@#$%^&*).
// Not more than 2 identical characters in a row (such as 111 is not allowed)".
const specials = '!@#$%^&*()_+{}:"<>?\|[];\',./`~';
const lowercase = 'abcdefghijklmnopqrstuvwxyz';
const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const numbers = '0123456789';
const all = specials + lowercase + uppercase + numbers;
export default function generatePassword() {
let password = '';
password += pick(password, specials, 1, 3);
password += pick(password, lowercase, 1, 3);
password += pick(password, uppercase, 1, 3);
password += pick(password, all, 10);
return shuffle(password);
}
function pick(exclusions, string, min, max) {
var n, chars = '';
if (max === undefined) {
n = min;
} else {
n = min + Math.floor(Math.random() * (max - min + 1));
}
var i = 0;
while (i < n) {
const character = string.charAt(Math.floor(Math.random() * string.length));
if (exclusions.indexOf(character) < 0 && chars.indexOf(character) < 0) {
chars += character;
i++;
}
}
return chars;
}
// Credit to @Christoph: http://stackoverflow.com/a/962890/464744
function shuffle(string) {
var array = string.split('');
var tmp, current, top = array.length;
if (top) while (--top) {
current = Math.floor(Math.random() * (top + 1));
tmp = array[current];
array[current] = array[top];
array[top] = tmp;
}
return array.join('');
}
【讨论】:
这不是安全的方式。如果仅依赖于数学函数(种子),则可以模拟密码生成。如果您尝试将生成与跟踪鼠标位置等用户事件相关联(因此通过基于用户操作使用不同的种子),这将更加安全。
【讨论】:
You could do some thing like below to generate password with following Requirements
* At least One Special Character
* At Least on Digit
* At least on Upper Case
* At least One Lower Case
function generatePassword(passwordLength) {
var numberChars = "0123456789";
var upperChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
var lowerChars = "abcdefghijklmnopqrstuvwxyz";
var specialChars = "#?!@$%^&*-";
var allChars = numberChars + upperChars + lowerChars + specialChars;
var randPasswordArray = Array(passwordLength);
randPasswordArray[0] = numberChars;
randPasswordArray[1] = upperChars;
randPasswordArray[2] = lowerChars;
randPasswordArray[3] = specialChars;
randPasswordArray = randPasswordArray.fill(allChars, 4);
return shuffleArray(randPasswordArray.map(function(x) { return x[Math.floor(Math.random() * x.length)] })).join('');
}
function shuffleArray(array) {
for (var i = array.length - 1; i > 0; i--) {
var j = Math.floor(Math.random() * (i + 1));
var temp = array[i];
array[i] = array[j];
array[j] = temp;
}
return array;
}
//Change length accordingly
alert(generatePassword(12));
【讨论】: