Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
dashphrase
Advanced tools
Dash HD Wallet Passphrase generator. Secure, lightweight, BIP-39-compatible Base2048 mnemonic word lists. Works in Node, Bundlers, and Browsers.
Secure Dash HD Wallet Passphrase Generator that works in Node, Bundlers, and Browsers.
BIP-39-compatible
uses standard dictionary of Base2048 mnemonic passphrases (word lists)
Lightweight. Zero dependencies. 20kb (17kb min, 7.4kb gz) ~150 LoC.
(most of the package weight is due to the base2048 word list)
Target Entropy | Number of Words | Total Bits |
---|---|---|
128-bit | 12 words @ 11 bits each | = 132 bits (128 bits + 4-bit checksum) |
160-bit | 15 words @ 11 bits each | = 165 bits (160 bits + 5-bit checksum) |
192-bit | 18 words @ 11 bits each | = 198 bits (192 bits + 6-bit checksum) |
224-bit | 21 words @ 11 bits each | = 231 bits (224 bits + 7-bit checksum) |
256-bit | 24 words @ 11 bits each | = 264 bits (256 bits + 8-bit checksum) |
Node, Bun, & Bundlers:
npm install --save dashphrase@1.2.2
"use strict";
let DashPhrase = require("dashphrase");
Browsers
<script src="https://unpkg.com/dashphrase@1.2.2/dashphrase.js"></script>
<script type="module">
"use strict";
let DashPhrase = window.DashPhrase;
// ...
</script>
let passphrase = await DashPhrase.generate(128);
// cat swing flag economy
// stadium alone churn speed
// unique patch report train
let keyBytes = await DashPhrase.toSeed(passphrase);
// Uint8Array[64] (suitable for use with importKey for AES, etc)
let fooKeyBytes = await DashPhrase.toSeed(passphrase, "foo");
// Uint8Array[64] (a completely different key, determined by "foo")
Values to use for Testing, Demos, Development, and Debugging:
DashPhrase.Zoomonic;
DashPhrase.Zecret;
DashPhrase.Zeed;
DashPhrase.Catmonic;
The canonical DASH Passphrase Mnemonic, Secret Salt, & Seed test values are:
zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong
Or, for the times you need something that looks random:
cat swing flag economy stadium alone churn speed unique patch report train
That's eleven (11) 'zoo's and one (1) 'wrong'.
If we decode that, we get the "input entropy".
For extra entropy / projection, we can also use a "secret salt".
If we run the appropriate Key Derivation on those we the "seed".
Described as JSON:
With secret salt:
{
"inputEntropy": "ffffffffffffffffffffffffffffffff",
"passphraseMnemonic": "zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong",
"secretSalt": "TREZOR",
"seed": "ac27495480225222079d7be181583751e86f571027b0497b5b5d11218e0a8a13332572917f0f8e5a589620c6f15b11c61dee327651a14c34e18231052e48c069"
}
Empty secret salt:
{
"inputEntropy": "ffffffffffffffffffffffffffffffff",
"passphraseMnemonic": "zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong",
"secretSalt": "",
"seed": "b6a6d8921942dd9806607ebc2750416b289adea669198769f2e15ed926c3aa92bf88ece232317b4ea463e84b0fcd3b53577812ee449ccc448eb45e6f544e25b6"
}
Generate a "Base2048" passphrase - each word represents 11 bits of entropy.
await DashPhrase.generate(bitLen); // *128*, 160, 192, 224, or 256
Encode an array of 16, 20, 24, 28, or 32 bytes (typically a Uint8Array
) into a
passphrase using the Base2048 word list dictionary.
let bytes = Uint8Array.from([0, 255, 0, 255, 0, 255, 0, 255, 0, 255, 0, 255]);
await DashPhrase.encode(bytes);
// "abstract way divert acid useless legend advance theme youth"
We all make mistakes. Especially typos.
Running the checksum can't guarantee that the passphrase is correct, but most
typos - such as brocolli
instead of broccoli
- will cause it to fail, so
that's a start.
(although this does check the checksum as well)
let passphrase = "often delay margin arch ...";
await DashPhrase.verify(passphrase); // true
let passphrase = "often delay margin arch TYPO";
await DashPhrase.verify(passphrase).catch(function (err) {
// checksum failed?
throw err;
});
Decode an string of space-delimited words from the Base2048 dictionary into a Uint8Array.
This will throw an error if any non-Base2048-compatible words are used, or if the checksum does not match.
let words = "abstract way divert acid useless legend advance theme youth";
await DashPhrase.decode(words);
// Uint8Array[12] <0, 255, 0, 255, 0, 255, 0, 255, 0, 255, 0, 255>
Generate a private key seed or encryption key based on the passphrase (mnemonic word list) and some other string - whether a salt, a password, another passphrase or secret, or an id of some kind.
await DashPhrase.toSeed(passphraseMnemonic, saltPassword || ""); // Uint8Array[64]
Check if a given word exists in the base2048 dictionary.
DashPhrase.base2048.includes("broccoli"); // true
DashPhrase.base2048.includes("brocolli"); // false
"hammer spoon brocolli zoo".split(" ").filter(function (word) {
return word && !DashPhrase.base2048.includes(word);
});
// [ "brocolli" ]
A secondary Passphrase Mnemonic for documentation, examples, testing, etc.
(use when you need something that appears more random)
cat swing flag economy stadium alone churn speed unique patch report train
(included in canonical test vector, chosen for being friendly & pleasant)
(and still fits in 80 characters)
The Passphrase Mnemonic to use for documentation, examples, testing, etc.
zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong
(chosen for being easy to remember, and funny - the checksum is "wrong")
The Secret Salt to use for documentation examples, testing & debugging, etc.
TREZOR
The Seed to use for documentation examples, testing & debugging, etc.
ac27495480225222079d7be181583751e86f571027b0497b5b5d11218e0a8a13332572917f0f8e5a589620c6f15b11c61dee327651a14c34e18231052e48c069
npm run test
Copyright 2023 Dash Incubator
(forked from therootcompany/passphrase.js, re-license as MIT
with permission)
Copyright 2021 AJ ONeal (MPL-2.0 License)
Copyright 2021 Root, LLC (MPL-2.0 License)
FAQs
Dash HD Wallet Recovery Phrase generator. Secure, lightweight, BIP-39-compatible Base2048 mnemonic word lists. Works in Node, Bundlers, and Browsers.
The npm package dashphrase receives a total of 60 weekly downloads. As such, dashphrase popularity was classified as not popular.
We found that dashphrase demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.