DEV Community

loading...

Generating Random Passwords

theyoungestcoder profile image TheYoungestCoder ・2 min read

As you may know, many programming languages have the ability to generate random numbers, while not letters (at least in javascript). Today, I will walk you through how you can make a random password/code generator.

Firstly, we need to know how to create a random number. In javascript it's pretty simple using Math.random. Since this is not "cryptographically secure" (whatever that means), you need to use a workaround

Math.random = () => {
    const int = window.crypto.getRandomValues(new Uint32Array(1))[0]
    return int / 2 ** 32
}
Enter fullscreen mode Exit fullscreen mode

It returns a random number—but only between 0-1. Since there are 26 numbers in the alphabet but many possibilities from Math.random, we need to use a little logic to get a random number that has 26 possibilities:

Math.floor(Math.random() * 25)
Enter fullscreen mode Exit fullscreen mode

At this stage our code will return a random from 0 to 25. Since these are only numbers—we need to get the character associated with that number. Luckily, javascript has a function called String.fromCharCode. Since the character code of "a" is 97, we need to offset our random number by 97:

String.fromCharCode(
    Math.round(Math.random() * 25) + 97
)
Enter fullscreen mode Exit fullscreen mode

Now that we have our random letter, time to repeat the process using a for loop—or my personal favorite, creating an empty array followed by mapping it. Putting it all together, this is what it would look like:

Math.random = () => {
    const int = window.crypto.getRandomValues(new Uint32Array(1))[0]
    return int / 2**32
}

function randomPassword(length) {
    // initialize an array of the specified length
    var charArr = [...Array(length)]

    // map each item in the array to a random char
    charArr = charArr.map(
        _ => String.fromCharCode(
            Math.round(Math.random() * 25) + 97
        )
    )

    // convert the array into a string by joining it
    return charArr.join("")
}
Enter fullscreen mode Exit fullscreen mode

Discussion (5)

Collapse
raddevus profile image
raddevus • Edited

You're going to need to follow the "web site password requirements" also. Things like 1) add an uppercase, 2) add a special char 3) max length
I put it all together in an app i call C'YaPass. In my app you draw your password and it generates a SHA-256 based hash which you use as your password. You can read about it here on dev.to Destroy All Passwords: Never Memorize a Password Again. It's FOSS (fully open source software) and you can get the source at GitHub.
Check it out and let me know what you think.
CYaPass

Collapse
theyoungestcoder profile image
Collapse
raddevus profile image
raddevus

Thanks very much I appreciate it.

Collapse
darkain profile image
Vincent Milum Jr

"Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security."

developer.mozilla.org/en-US/docs/W...

Collapse
theyoungestcoder profile image
TheYoungestCoder Author

Thank you for letting me know! I updated my post

Forem Open with the Forem app