Releases: atoponce/webpassgen
Sept 15, 2017 Release
New "Colors" passphrases and many theme updates. The "Colors" passphrase is now default for the "Alternate" generator rather than "Trump". This is because I would like to put visual passphrases up in front of everyone as a talking point. Will using color with the colornames help in recalling the passphrase when needed, as a sort of fake visual synesthesia? How will this affect people who legitimately have synesthesia? This is worth researching, and as such, why it's default.
Sept 9, 2017 Release
The most noticeable change is the theme update, providing:
- Blue headers around the boxes.
- Raising the box titles above the select options and generate button.
- Improving the select and button theme for more cross-browser UI consistency.
Also, a bug is fixed in the sec_rand() JavaScript function, where a 31-bit mask was being applied to the 32-bit random number, and a possible infinite loop in that function is removed.
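An added example, not webpassgen's own sec_rand(): one way to draw an unbiased word-list index from the Web Crypto API, using the full 32-bit value and rejection sampling in a loop that accepts more than half of all draws. The names cryptoUint32, uniformIndex and pickWords are hypothetical.

```javascript
// Added example; helper names are hypothetical, not webpassgen's code.
// Browsers and current Node expose Web Crypto as globalThis.crypto;
// older Node falls back to node:crypto's webcrypto object.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// One full 32-bit unsigned value from the CSPRNG.
function cryptoUint32() {
  const buf = new Uint32Array(1);
  webCrypto.getRandomValues(buf);
  return buf[0]; // already in [0, 2^32 - 1], so no mask is applied
}

// Uniform integer in [0, n) by rejection sampling.
function uniformIndex(n, nextUint32 = cryptoUint32) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  const RANGE = 0x100000000;          // 2^32 possible values
  const limit = RANGE - (RANGE % n);  // largest multiple of n that fits
  let r;
  do {
    r = nextUint32();
  } while (r >= limit);               // discard the tail that would bias r % n
  // limit is always greater than RANGE / 2, so each draw is accepted with
  // probability above 1/2 and the loop cannot spin forever on a working RNG.
  return r % n;
}

// Pick `count` words, each chosen uniformly from `wordlist`.
function pickWords(wordlist, count, nextUint32 = cryptoUint32) {
  return Array.from({ length: count },
    () => wordlist[uniformIndex(wordlist.length, nextUint32)]);
}
```

A plain `r % n` without the rejection step favours the low indexes whenever n does not divide 2^32, which slightly lowers the real entropy per word.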
Sept 2, 2017 Release
Many new changes:
- All JavaScript and CSS is now taking advantage of subresource integrity (SRI) using SHA-256. If you install this generator on a CDN, this will help ensure that the data being delivered is what it should be.
- In order to accommodate for the previous item, every list is downloaded on page load. Most of these are done asynchronously to speed up page load. However, the initial page load may be noticeably slow.
- A great deal of orphaned JavaScript code was cleaned out as a result of the previous item.
- Each word list, because they are largely static, was renamed, adding the SHA-224 hash of the file to the filename. This makes it possible to configure your web server with exceptionally long expiration times, so the client browser can keep a cache of every word list, provided the filename does not change. While the initial page load may be slow, additional page loads should be snappy.
- The Emoji box was combined with the Random box, making way for the Bitcoin box.
- The Bitcoin passphrase generator was pulled from the Alternate box, and into its own box.
- The Bitcoin box now supports the following languages from bip-0039:
  - Chinese (Simplified)
  - Chinese (Traditional)
  - English (default)
  - French
  - Italian
  - Japanese
  - Korean
  - Spanish
- Because I am now using SRI, which has about 70% browser support, I decided to drop the SJCL JavaScript library, and rely on the Web Crypto API for all random number generation. This means more obscure browsers, such as surf(1), may not generate any passphrases. Sorry.
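An added example, not code from the project, of the two hashing steps described in the list above: the SHA-256 value that goes in an integrity attribute, and a SHA-224 content hash embedded in a word-list filename. It runs under Node.js; the function names, the sample file content and the "<base>-<hash>.<ext>" naming scheme are assumptions.

```javascript
// Added example; names, sample content and naming scheme are constructed.
const { createHash } = require('node:crypto');

// Value for integrity="..." on a <script> or <link>: "<alg>-<base64 digest>".
function sriValue(content, alg = 'sha256') {
  return `${alg}-${createHash(alg).update(content).digest('base64')}`;
}

// The check a browser performs before using the resource:
// recompute the digest over the delivered bytes and compare.
function sriMatches(content, integrity) {
  const [alg] = integrity.split('-', 1);
  // SRI only defines these three hash functions.
  if (!['sha256', 'sha384', 'sha512'].includes(alg)) return false;
  return sriValue(content, alg) === integrity;
}

// Assumed naming scheme: "<base>-<hex SHA-224 of content>.<ext>".
// Any change to the list changes the name, so long cache lifetimes are safe.
function hashedName(filename, content) {
  const digest = createHash('sha224').update(content).digest('hex');
  const dot = filename.lastIndexOf('.');
  return dot <= 0
    ? `${filename}-${digest}`
    : `${filename.slice(0, dot)}-${digest}${filename.slice(dot)}`;
}

// Tag for a file served from a CDN; crossorigin is required for SRI to be
// enforced on cross-origin resources.
function scriptTag(filename, content) {
  return `<script src="${hashedName(filename, content)}" ` +
    `integrity="${sriValue(content)}" crossorigin="anonymous"></script>`;
}

// Constructed sample word list.
const SAMPLE_LIST = 'var wordlist = ["alpha", "bravo", "charlie"];\n';
```

Because the integrity value covers the exact bytes of the file, any edit to a list means regenerating both the filename and the attribute in the HTML that references it.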
Because of the size of the download for this project, it is recommended to configure compression with your web server, such as mod_deflate in Apache. By doing so, I see on average, about 70% compression ratios. I'm still debating if I want to offer manually gzipped compressed JavaScript word lists, or just rely on the backend web server configuration for compression. Right now, I'm leaning toward the latter.
Aug 31, 2017 Release
Mostly bug fixes and code cleanup.
- Update footer, cleaning up disclaimer and adding GitHub and Twitter icons.
- Update entropy testing meter to the latest zxcvbn.js code from Dropbox.
- Remove old code toggling info boxes on the generators. See the wiki for more detailed information. Might move it to the README.
- Update the favicon, and make it visible on HTML pages.
- Add Slovenian language support to Diceware.
- Bring back Bulgarian support to Diceware; bugs may exist.
- Fix bug where generated words with a hyphen have the hyphen replaced with an underscore when hyphenating the passphrase, and replace it back from an underscore to a hyphen when reverting.
Aug 13, 2017 Bug-fix Release
This release is primarily a bug-fix release. It fixes the following 2 big bugs:
- When hyphenating passwords, the character count was not accurately reflected. That was fixed in the last release, but when changing word lists while hyphenated, the character count was based on the password without the hyphens, making it worse. The character count is now accurately reflected based on whether or not the password is hyphenated.
- Emojis can be multiple bytes, and the .length JavaScript function is counting bytes, meaning an 8-glyph emoji could get counted as anywhere from 8 to 24 characters, depending on the number of bytes per character. So, rather than counting the length after the password was generated, the length is determined from the entropy, seeing as though that is what is used to get the length anyway.
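An added example, not the project's code, showing why measuring a generated emoji password gives an unreliable glyph count, and how the count can instead be derived from the entropy target. In JavaScript, String.length is measured in UTF-16 code units. The sample password, the 1,024-entry list size and the 80-bit and 70-bit targets are constructed for illustration.

```javascript
// Added example; sample data and function names are constructed.
// Eight glyphs: four from the Basic Multilingual Plane, four from the astral planes.
const SAMPLE = [
  '\u2602', '\u{1F600}', '\u2693', '\u{1F419}',
  '\u2615', '\u{1F680}', '\u231B', '\u{1F355}',
].join('');

// Three different "lengths" of the same string.
function measure(str) {
  return {
    utf16Units: str.length,                         // what .length reports
    codePoints: Array.from(str).length,             // iterates by code point
    utf8Bytes: new TextEncoder().encode(str).length // size on the wire
  };
}

// Number of list items needed to reach a target, from the entropy alone.
// Each uniformly chosen item contributes log2(listSize) bits.
function glyphsForEntropy(targetBits, listSize) {
  if (!(listSize > 1) || !(targetBits > 0)) {
    throw new RangeError('listSize must exceed 1 and targetBits must be positive');
  }
  return Math.ceil(targetBits / Math.log2(listSize));
}
```

For the constructed sample, measure() reports 12 UTF-16 units, 8 code points and 28 UTF-8 bytes for the same 8 glyphs, while glyphsForEntropy(80, 1024) returns 8 regardless of how the glyphs are encoded.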
In addition, the Chinese Diceware word lists were taken down from 2 lists to 1 using the pinyin word list, and dropping the wubi list. This is after some back-and-forth on Twitter and Slack, and ultimately determined that using the pinyin word list was the better way to go.
Every release should bump up the number of words in the Trump word list, so this release brings that word list size up to 5,186 unique words, or about 12.34 bits of entropy per word.
Aug 12, 2017 Release
This adds more words to the Trump password generator, adds emoji passwords with the Google Noto Emoji font, and adds both the Pinyin and Wubi Simplified Chinese word lists. This also changes the layout from 3x3 to 3x2, combining the random base generators into a single box.
May 02, 2017 first release
170502.1 remove bulgarian as an option until i have an undisputed text-based s…