{"id":51008422,"url":"https://github.com/voidd0/passgen","last_synced_at":"2026-06-20T23:31:03.617Z","repository":{"id":354731411,"uuid":"1223806814","full_name":"voidd0/passgen","owner":"voidd0","description":"passgen — secure password + diceware passphrase generator with entropy meter and crack-time estimate. Unbiased rejection sampling on crypto.randomBytes. Zero deps.","archived":false,"fork":false,"pushed_at":"2026-04-29T19:16:29.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-29T21:19:03.373Z","etag":null,"topics":["cli","diceware","entropy","nodejs","passphrase","password","password-generator","secure-random","security","voiddo"],"latest_commit_sha":null,"homepage":"https://tools.voiddo.com/passgen/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voidd0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://voiddo.com/contact/","https://scrb.voiddo.com/"]}},"created_at":"2026-04-28T17:12:06.000Z","updated_at":"2026-04-29T19:16:34.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/voidd0/passgen","commit_stats":null,"previous_names":["voidd0/passgen"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/voidd0/passgen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voidd0%2Fpassgen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voidd0%2Fpassgen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voidd0%2Fpassgen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voidd0%2Fpassgen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voidd0","download_url":"https://codeload.github.com/voidd0/passgen/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voidd0%2Fpassgen/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34589204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","diceware","entropy","nodejs","passphrase","password","password-generator","secure-random","security","voiddo"],"created_at":"2026-06-20T23:31:02.925Z","updated_at":"2026-06-20T23:31:03.584Z","avatar_url":"https://github.com/voidd0.png","language":"JavaScript","funding_links":["https://voiddo.com/contact/","https://scrb.voiddo.com/"],"categories":[],"sub_categories":[],"readme":"# passgen\n\n[![npm version](https://img.shields.io/npm/v/@v0idd0/passgen.svg?color=A0573A)](https://www.npmjs.com/package/@v0idd0/passgen)\n[![npm downloads](https://img.shields.io/npm/dw/@v0idd0/passgen.svg?color=1F1A14)](https://www.npmjs.com/package/@v0idd0/passgen)\n[![License: MIT](https://img.shields.io/badge/license-MIT-A0573A.svg)](LICENSE)\n[![Node ≥14](https://img.shields.io/badge/node-%E2%89%A514-1F1A14)](package.json)\n\nGenerate cryptographically random passwords + diceware-style passphrases. Reports entropy in bits and a cracking-time estimate. Zero deps. Free forever from vøiddo.\n\n```\n$ passgen\n\u003c7}S2HF8dUbz;ii)\n  entropy 103.1 bits  very strong  · cracking time effectively forever\n\n$ passgen --passphrase --words 5 --capitalize --number-suffix\nCasual-Define-Cover-Hybrid-Axis-5742\n  entropy 63.3 bits  strong  · cracking time 2 years\n```\n\n## Why passgen\n\nMost \"online password generators\" are happy to use `Math.random()` (a PRNG that an attacker reading your timestamp can rewind), and most CLI alternatives use byte-modulo (which gives an off-by-one bias when modulus doesn't divide 256). passgen uses node's CSPRNG with **rejection sampling on uint32** — every character of the alphabet (or every word of the wordlist) appears with exactly equal probability. That extra rigor is invisible in the output but visible in the entropy report.\n\n## Install\n\n```bash\nnpm install -g @v0idd0/passgen\n```\n\n## Usage\n\n```bash\n# Default: one 16-char password (alpha + digits + symbols)\npassgen\n\n# Custom length\npassgen --length 32\n\n# Generate many at once\npassgen --count 10\n\n# Diceware-style passphrase (5 words, ~50 bits entropy from a 1024-word list)\npassgen --passphrase\n\n# Beefier passphrase (~63 bits)\npassgen --passphrase --words 5 --capitalize --number-suffix\n\n# Restrict character set (e.g. for systems that reject symbols)\npassgen --length 20 --no-symbols\npassgen --length 24 --no-upper --no-symbols\n\n# Bare output for scripting (no entropy report)\npassgen --bare --count 100 \u003e seed.txt\n\n# JSON for CI / programmatic use\npassgen --json | jq .password\n```\n\n## How random is it?\n\nEntropy comes from `crypto.randomBytes` — node's CSPRNG (kernel `getrandom()` on Linux, `BCryptGenRandom` on Windows). Indices are derived via **rejection sampling on uint32**, which means every character of the alphabet (or every word of the wordlist) appears with exactly equal probability. No off-by-one bias from naïve `% N`.\n\n## Strength scale\n\n| bits | label | rough crack time at 10¹¹ guesses/sec |\n|---|---|---|\n| \u003c 28 | weak | seconds–minutes |\n| 28–60 | reasonable | hours–months |\n| 60–90 | strong | years |\n| 90–128 | very strong | thousands–millions of years |\n| ≥ 128 | paranoid | effectively forever |\n\nCrack times assume an offline attack against a fast hash (SHA-256, MD5). bcrypt / Argon2 / scrypt are 10⁶–10⁸× slower, so even \"reasonable\" entropy is safe in practice when the server hashes properly.\n\n## Compared to alternatives\n\n| tool | RNG | bias-free sampling | passphrase mode | offline | install |\n|---|---|---|---|---|---|\n| passgen | CSPRNG (`randomBytes`) | yes (rejection on uint32) | yes (1024-word list) | yes | one npm install |\n| `pwgen` | non-cryptographic | no | no | yes | bundled (Linux) |\n| `openssl rand -base64 N` | CSPRNG | yes | no | yes | bundled |\n| `1password generate` | CSPRNG | yes | yes | requires app | app |\n| Web generators | varies | rarely documented | varies | no | web |\n\nIf you're already in 1Password or Bitwarden, use those — they sync. passgen is for the cases where you need a one-shot strong string in your shell (provisioning, CI seeds, DB roots).\n\n## FAQ\n\n**Why diceware over random characters?** Because 5 short words are easier to memorize than 9 random characters of equivalent entropy. Memorability matters when the password is for something you'll type, not paste.\n\n**Why a custom wordlist instead of EFF's 7776?** Smaller (1024 entries → 10 bits/word vs EFF's ~12.92), curated for shorter words (4–8 letters) and no homoglyph confusion. Trade-off: you need slightly more words (5 → 50 bits vs EFF's ~38.7) for the same entropy budget.\n\n**Should I use `--no-symbols`?** Only if your target system rejects them. Letters+digits gives ~5.95 bits/char vs full mixed at ~6.55 — a 16-char password drops from 105 to 95 bits, both still in \"very strong\" territory.\n\n**Is \"1024 word list\" not power-of-two-suspicious for rejection sampling?** Caught one yourself. Naive single-byte rejection deadlocks when the wordlist size divides 256 (the rejection range becomes empty). passgen reads 4 bytes per index and rejects on `remainder == 0 ? range : range - remainder` — the same gate works for 256-, 1024-, and 65536-word lists.\n\n## Programmatic API\n\n```javascript\nconst { generatePassword, generatePassphrase, entropyBits } =\n  require('@v0idd0/passgen');\n\nconst pw = generatePassword(20, { symbols: false });\nconsole.log(pw, entropyBits(pw).toFixed(1) + ' bits');\n\nconst phrase = generatePassphrase(5, { capitalize: true, numberSuffix: true });\nconsole.log(phrase);\n```\n\n## Wordlist\n\npassgen ships with a 1024-word built-in list (4–8 letter, lowercase, no homoglyphs). log₂(1024) = 10 bits per word — five words = 50 bits, the same ballpark as a 9-character mixed password but vastly more memorable.\n\n## More from the studio\n\nThis is one tool out of many — see [`from-the-studio.md`](from-the-studio.md) for the full lineup of vøiddo products (other CLI tools, browser extensions, the studio's flagship products and games).\n\n## From the same studio\n\n- **[@v0idd0/jsonyo](https://www.npmjs.com/package/@v0idd0/jsonyo)** — JSON swiss army knife, 18 commands, zero limits\n- **[@v0idd0/envguard](https://www.npmjs.com/package/@v0idd0/envguard)** — stop shipping `.env` drift to staging\n- **[@v0idd0/depcheck](https://www.npmjs.com/package/@v0idd0/depcheck)** — find unused dependencies in one command\n- **[@v0idd0/gitstats](https://www.npmjs.com/package/@v0idd0/gitstats)** — git repo analytics, one command\n- **[View all tools →](https://voiddo.com/tools/)**\n\n## License\n\nMIT.\n\n---\n\nBuilt by [vøiddo](https://voiddo.com/) — a small studio shipping AI-flavoured products, free dev tools, Chrome extensions and weird browser games.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidd0%2Fpassgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoidd0%2Fpassgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidd0%2Fpassgen/lists"}