Moved password generation to the client #13
No reviewers
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#13
Loading…
Reference in New Issue
No description provided.
Delete Branch "master"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hello,
I have ported the server-side password generator to JS. It uses
RandomSource.getRandomValues()
which is cryptographically secure - it should work in all modern browsers. I could make it work in older-browsers by falling back to ISAAC or something but that would not be totally secure.I also improved the UI and UX (imo):
(The alert is a normal Bootstrap
alert alert-info
but due to the GIF's limited colour palette, it looks different...)I know you were concerned about users who disable JS. If someone visits this website without JS enabled, they are shown this message:
If you want, we can link those users the server-side password generator (e.g. append to that alert the sentence: "If you want, you can use the server-side based solution that does not require JS".)
I am taking a bit of a risk here because you did not explicitly say: "Yes, please do this" but I feel strongly that password generation should be done on the client when possible, so do other people in the community.
An additional benefit of doing this on the client-side is that, users can download
password.html
and use it locally without the need to run a local PHP server.I am looking forward to hear what you think, @privacytoolsIO.
Great work, alexbooker! I just changed a couple of things, please review it. Your new generator is already online, and old links redirect also to the new generator. Thanks :)
Awesome!
There is only one more thing to do, I think - make the "Source code" link point to the source file. I'll do that now and commit directly to
master
. I'll ping you here once it's done so you can update the server.OK, @privacytoolsIO - I did it.