xkcd-passphrase

Overview

A passphrase generator inspired by xkcd #936, designed to provide a high level of security and memorability. By default, passwords are generated with strength equivalent to a random 128-bit key.

Usage caveats:

• If end consumers of these generated passphrases are given the ability to easily regenerate and cycle through them until they find ones they like, the level of security provided drops substantially.

• While the architecture has been vetted by Cure53, the code itself has not yet been audited. Use at your own risk.

Example Usage

import {xkcdPassphrase} from 'xkcd-passphrase';

console.log(await xkcdPassphrase.generate());
/* collision pest numerous baboon tarnish aimee airgas swivel navigate */

console.log(await xkcdPassphrase.generate(256));
/*
    * provolone email darkish symptom unending bridges bianca carport culminate vacancy
    * rehydrate disjoin rotten cornball mousiness cephalon appear buddhism vanity
    */

console.log(await xkcdPassphrase.generate(512));
/*
    * minneapolis detonate headsman jacob lumber custodian glimmer silt lipton carded
    * avalanche shady launder issueless freebee maude unedited spearhead nickname fleshed
    * dissuade rudolph spouse lupe babolat severity chapman liquefy skunk humongous chatroom
    * eatable kay cypress olson found emergency tree
    */

console.log(await xkcdPassphrase.generate(32, [
    'my',
    'awful',
    'custom',
    'word',
    'list',
    'that',
    'I',
    'created',
    'while',
    'drunk'
]));
/* that awful that custom list word list that custom custom */

console.log(await xkcdPassphrase.generateWithWordCount(4));
/* oscar jury email tugboat */

Changelog

Breaking changes in major versions:

3.0.0:

• As part of upgrading from asm.js to WebAssembly (with asm.js included as a fallback), the API is fully asynchronous.

2.0.0:

• Module bundling support.