
PassGenJS: generating passwords in JavaScript with a reliability rating



In one project, I needed to generate a strong password on the client. I looked for a ready-made solution, but found nothing suitable.
None of the libraries I found fit, for a number of reasons: they simply generated a password of the requested length, and there was no way to check password strength. So I decided to write my own "bicycle" (to reinvent the wheel) as an alternative solution, and the experience would not go to waste. The result was the PassGenJS library.

What is under the hood:

I will give a few examples:


We generate a strong password:
 PassGenJS.getPassword({score: 3}); // result: 8!G$}6&={a(_>

We generate a very simple password:

 PassGenJS.getPassword({score: 1}); // result: 82oN

We generate a password with 60% reliability:

 PassGenJS.getPassword({reliabilityPercent: 60}); // result: YyopjU5atXBMG

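We generate a password with a given number of characters of each type:

 PassGenJS.getPassword({
     symbols: 2,      // number of special symbols
     letters: 2,      // number of lowercase letters
     numbers: 1,      // number of digits
     lettersUpper: 5  // number of uppercase letters
 }); // result: m6A:k=WYPP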


It is also possible to check the password strength:

 PassGenJS.getScore("YyopjU5atXBMG");
 // Result:
 // {
 //     "password": "YyopjU5atXBMG", // the password
 //     "score": 3,                  // score (4 is the maximum)
 //     "entropy": 77,               // entropy
 //     "reliability": 60.15625,     // reliability
 //     "reliabilityPercent": 60     // reliability in %
 // }


The estimation algorithm used in this plugin is based on the general assumptions of information theory.
The password's entropy is used as the measure of its strength. You can read more on Wikipedia.

The entropy (information capacity) of a password is a measure of the randomness in the choice of the sequence of characters that make up the password, assessed by the methods of information theory. The following formula is used to determine the entropy of the password:



where N is the number of possible characters, and L is the number of characters in the password. H is measured in bits.

The plugin uses the following conditions to determine the password strength from its entropy:

 if (entropy > 0 && entropy < 56) {
     score = 1;
 } else if (entropy >= 56 && entropy < 64) {
     score = 2;
 } else if (entropy >= 64 && entropy < 128) {
     score = 3;
 } else if (entropy >= 128) {
     score = 4;
 }
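The scoring described above, as an added example (not PassGenJS source code): it estimates entropy with the standard formula H = L * log2(N), applies the thresholds listed above, and shows that a predictable password gets the same estimate as a generated one, because the formula only sees length and character classes. The function names, the pool sizes, the rounding and the reliability calculation are assumptions; the last two were chosen because they reproduce the sample getScore output above.

```javascript
// Added example, not PassGenJS code. Pool sizes and rounding are assumptions.
const POOLS = [
  { re: /[a-z]/, size: 26 },        // lowercase letters
  { re: /[A-Z]/, size: 26 },        // uppercase letters
  { re: /[0-9]/, size: 10 },        // digits
  { re: /[^a-zA-Z0-9]/, size: 32 }  // assumed: 32 printable ASCII symbols
];

// H = L * log2(N): N = size of the character pool, L = password length.
function estimateEntropy(password) {
  const n = POOLS.reduce((sum, p) => sum + (p.re.test(password) ? p.size : 0), 0);
  return n === 0 ? 0 : Math.round(password.length * Math.log2(n));
}

// Thresholds copied from the conditions listed in the article.
function scoreFromEntropy(entropy) {
  if (entropy >= 128) return 4;
  if (entropy >= 64) return 3;
  if (entropy >= 56) return 2;
  if (entropy > 0) return 1;
  return 0; // empty input: the article's conditions assign no score here
}

function estimateStrength(password) {
  const entropy = estimateEntropy(password);
  // Assumed from the article's sample (77 bits -> 60.15625): share of 128 bits.
  const reliability = Math.min(100, (entropy / 128) * 100);
  return {
    password,
    score: scoreFromEntropy(entropy),
    entropy,
    reliability,
    reliabilityPercent: Math.floor(reliability)
  };
}

const generated = estimateStrength("YyopjU5atXBMG");   // sample from the article
const humanChosen = estimateStrength("Summer2024abc"); // constructed, predictable
console.log(generated, humanChosen);
```

Both inputs are reported as 77 bits with score 3, so the figure is meaningful only for passwords whose characters were drawn uniformly at random; for human-chosen passwords it is an upper bound.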


I would be glad to receive constructive criticism and any feedback. If the plugin proves useful to someone, then it can be developed further:

Demo
Github

Source: https://habr.com/ru/post/239165/

