问题描述
我想在网页中,在客户端,用 Javascript 生成密码.密码应该使用字母和数字,也许是一些符号.如何安全地在 Javascript 中生成密码?
I want to generate a password in a web page, on the client side, in Javascript. The password should use letters and numbers, perhaps some symbols. How can I generate a password in Javascript securely?
推荐答案
由于密码需要不可预测,因此需要由种子良好的加密 PRNG 生成.Math.random
通常不安全.
Since a password needs to be unpredictable, it needs to be generated by a well seeded crypto PRNG. Math.random
is usually not secure.
现代浏览器(至少是当前版本的 Firefox 和 Chrome)支持生成安全随机值的 window.crypto.getRandomValues
.
Modern browsers (At least the current versions of Firefox and Chrome) support window.crypto.getRandomValues
which generates secure random values.
基于 Presto 的 Opera 不支持它,但它的 Math.random
是安全的.但是既然 Opera 已经死了,那么回退应该不再是必要的了.
Presto based Opera doesn't support it, but its Math.random
is secure. But since Opera has died, the fallback shouldn't be necessary anymore.
function randomString(length)
{
var charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
var i;
var result = "";
var isOpera = Object.prototype.toString.call(window.opera) == '[object Opera]';
if(window.crypto && window.crypto.getRandomValues)
{
values = new Uint32Array(length);
window.crypto.getRandomValues(values);
for(i=0; i<length; i++)
{
result += charset[values[i] % charset.length];
}
return result;
}
else if(isOpera)//Opera's Math.random is secure, see http://lists.w3.org/Archives/Public/public-webcrypto/2013Jan/0063.html
{
for(i=0; i<length; i++)
{
result += charset[Math.floor(Math.random()*charset.length)];
}
return result;
}
else throw new Error("Your browser sucks and can't generate secure random numbers");
}
alert(randomString(10))
http://jsfiddle.net/ebbpa/
这篇关于Javascript生成具有特定字母数量的随机密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!