#004 Extended Secure Random Password Generator

Patrick Gawron · April 3, 2021

Extended version of the Secure Random Password Generator with additional rules:

no special characters at the beginning
no special characters at the end
no double spaces next to each other

If a rule is broken, a new random char is created.

It uses the crypto.getRandomValues() (high security) instead of Math.random()

Inspired by the pwd gen from Nayuki, but a little different implementation

You can download the standalone version or try it from github

Code

// Secure Random Password Generator
function generateSecurePassword(length=10, includeLowercase=true, includeUppercase=false,
    includeNumbers=false, includeAmbiguous=false, includeSpace=false,
    includeEasySymbols=false, includeOtherSymbols=false, includeIndividual=false) {
  let charset = ""
  if (includeLowercase) charset += "abcdefghjkmnpqrstuvwxyz";
  if (includeLowercase && includeAmbiguous) charset += "iol";
  if (includeUppercase) charset += "ABCDEFGHJKMNPQRSTUVWXYZ";
  if (includeUppercase && includeAmbiguous) charset += "IOL";
  if (includeNumbers) charset += "123456789";
  if (includeNumbers && includeAmbiguous) charset += "0";
  if (includeSpace) charset += " ";
  if (includeEasySymbols) charset += "!@#$%*+-=?";
  if (includeOtherSymbols) charset += "^&_:|~/.,;";
  if (includeIndividual) charset += document.querySelector('#pwindiv').value;

  if(window.crypto && window.crypto.getRandomValues) {
      var result = "";
      let values = new Uint32Array(length);
      window.crypto.getRandomValues(values);
      for(let i=0; i<length; i++) {
          result += charset[values[i] % charset.length];
      }
      return result;
  }
  else throw new Error("Your browser can't generate secure random numbers");
};