Utility for generating memorable passwords and converting random bytes into human-readable phrases
A JS library for generating random-yet-memorable passwords, either server-side in Node or in the browser. Each word provides 16 bits of entropy, so a useful password requires at least 3 words.
Because the wordlist is of exactly size 2^16, Niceware is also useful for converting cryptographic keys and other sequences of random bytes into human-readable phrases. With Niceware, a 128-bit key is equivalent to an 8-word phrase.
Demo: https://diracdeltas.github.io/niceware/
+8svofk0Y1o= and bacca cavort west volley are equally strong (64 bits of randomness).
To install:
npm install niceware
To generate an 8-byte passphrase:
const niceware = require('niceware')
// The number of bytes must be even
const passphrase = niceware.generatePassphrase(8)
// Result: [ 'deathtrap', 'stegosaur', 'nilled', 'nonscheduled' ]
To use Niceware in modern browsers, include browser/niceware.js in a script tag. Niceware is then available in the window.niceware object.
<script src='niceware.js'></script>
<script>
const passphrase = window.niceware.generatePassphrase(8)
</script>
Niceware uses window.{crypto, msCrypto}.getRandomValues for entropy in the browser.
NOTE: When used in the browser, Buffer is replaced with window.Uint8Array.
Array.<string>
Converts a byte array into a passphrase.
Kind: static method of niceware
Param | Type | Description |
---|---|---|
bytes | Buffer | The bytes to convert |
Buffer
Converts a phrase back into the original byte array.
Kind: static method of niceware
Param | Type | Description |
---|---|---|
words | Array.<string> | The words to convert |
Array.<string>
Generates a random passphrase with the specified number of bytes.
NOTE: size must be an even number.
Kind: static method of niceware
Param | Type | Description |
---|---|---|
size | number | The number of random bytes to use |
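The 16-bits-per-word scheme described above, as an added example that is not niceware's own code. It assumes each pair of bytes is read as a big-endian index into a 2^16-entry list, uses a constructed syllable wordlist in place of niceware's English one, and all function names are hypothetical.

```javascript
const crypto = require('crypto')

// Constructed stand-in wordlist: 2^16 unique tokens, four syllables each,
// one syllable per 4-bit nibble. Niceware ships an English list of this size.
const SYL = ['ba', 'ce', 'di', 'fo', 'gu', 'ha', 'je', 'ki',
  'lo', 'mu', 'na', 'pe', 'ri', 'so', 'tu', 'va']
const WORDS = Array.from({ length: 65536 }, (_, i) =>
  [12, 8, 4, 0].map(shift => SYL[(i >> shift) & 15]).join(''))
const INDEX = new Map(WORDS.map((w, i) => [w, i]))

// Two bytes select one word, which is why the byte count must be even.
function bytesToWords (bytes) {
  if (bytes.length % 2 !== 0) throw new Error('byte count must be even')
  const words = []
  for (let i = 0; i < bytes.length; i += 2) {
    words.push(WORDS[bytes[i] * 256 + bytes[i + 1]])
  }
  return words
}

// Reverse mapping; rejects anything outside the list instead of guessing,
// so a mistyped recovery phrase fails loudly rather than yielding a wrong key.
function wordsToBytes (words) {
  const out = Buffer.alloc(words.length * 2)
  words.forEach((w, i) => {
    const n = INDEX.get(String(w).trim().toLowerCase())
    if (n === undefined) throw new Error('not in wordlist: ' + w)
    out.writeUInt16BE(n, i * 2)
  })
  return out
}

// Words needed to carry a given number of random bits (16 bits per word).
function wordsForBits (bits) {
  return Math.ceil(bits / 16)
}

// Random phrase from the OS CSPRNG; size is a byte count, as in the API above.
function generate (size) {
  return bytesToWords(crypto.randomBytes(size))
}
```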
Niceware was inspired by Diceware. Its wordlist is derived from http://www-01.sil.org/linguistics/wordlists/english/. This project is based on my work on OpenPGP key backup for the Yahoo End-to-End project.
FAQs
We found that niceware demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.