From 1ca4cbc197f2577af6c47d6b272d4c8aa5c135fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20B=C3=BClow?= Date: Sat, 7 Jan 2023 13:24:15 +0100 Subject: [PATCH] changed password generator to use a better randomness source --- Makefile | 4 ++++ README.md | 10 +++++++++- src/lib/generalStore.ts | 3 ++- src/lib/pwgen.ts | 17 +++++++++++++---- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 8aa6efb..a0b4d3e 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ JSPKGMAN = "yarn" ROOTDIR = $(dir $(CURDIR)) +HEAD=$(shell git rev-parse --short HEAD) + dev: $(JSPKGMAN) run vite dev @@ -16,7 +18,9 @@ wasm-pack: docker: podman build -t docker.io/jmbitci/crypttool . + podman build -t docker.io/jmbitci/crypttool:$(HEAD) . podman push docker.io/jmbitci/crypttool + podman push docker.io/jmbitci/crypttool:$(HEAD) #TODO get rid of -f and check whether files exist instead diff --git a/README.md b/README.md index aec1d95..e317366 100644 --- a/README.md +++ b/README.md @@ -3,4 +3,12 @@ This Project is more of a proof of concept than an actually useful Application, but it essentially wants to solve the Issue of sending and recieving encrypted Files via E-Mail or other means. The Idea of this Project is to do all of the Encryption client-side using Javascript or WebAssembly, so the Website will work without any Server and can be packaged as a single html file and distributed this way. -Ideally, I would like for this to be able to en/decrypt any content. A nice to have Feature would be to make it work in a "self-extracting" way, so you could basically generate a html file that prompts you for a password and decrypts its content. \ No newline at end of file +Ideally, I would like for this to be able to en/decrypt any content. A nice to have Feature would be to make it work in a "self-extracting" way, so you could basically generate a html file that prompts you for a password and decrypts its content. + +## Technology +This website is essentially a frontend to the Browsers [SubtleCrypto](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) cryptography API. + +## TODO +- Make sure the cryptography is sound +- Configuration options (Password length, type) +- Passhphrase option diff --git a/src/lib/generalStore.ts b/src/lib/generalStore.ts index 030338a..e6fcf3c 100644 --- a/src/lib/generalStore.ts +++ b/src/lib/generalStore.ts @@ -5,4 +5,5 @@ export let encryptSource = writable(); export let encryptTarget = writable(); export let decryptSource = writable(); export let decryptDestination = writable(); -export let errorMessage = writable(""); \ No newline at end of file +export let errorMessage = writable(""); +export let passwordLength = writable(16); \ No newline at end of file diff --git a/src/lib/pwgen.ts b/src/lib/pwgen.ts index a37bad8..608df50 100644 --- a/src/lib/pwgen.ts +++ b/src/lib/pwgen.ts @@ -1,14 +1,23 @@ import { writable} from 'svelte/store'; +import { passwordLength } from './generalStore'; +let length: number = 16; +passwordLength.subscribe(value => { + length = value; +}) function generateRandomString(length: number): string { let result = ''; - for (let i = 0; i < length; i++) { - const charCode = Math.floor(Math.random() * 62); - result += String.fromCharCode(charCode + (charCode < 26 ? 65 : (charCode < 52 ? 71 : -4))); + while (result.length < length) { + const array = new Uint8Array(1); + self.crypto.getRandomValues(array); + const charCode: number = array[0]; + if ( 33 < charCode && charCode < 126 ) { + result += String.fromCharCode(charCode + (charCode < 26 ? 65 : (charCode < 52 ? 71 : -4))); + } } return result; } -const password: string = generateRandomString(16); +const password: string = generateRandomString(length); export let globalPassword = writable(password);