jslib | platform-compat |
---|---|
16 | 23 |
127 | 249 |
- | - |
9.4 | 1.2 |
almost 2 years ago | over 3 years ago |
TypeScript | C# |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jslib
-
Bitwarden PINs can be brute-forced
Someone should tell them!
https://github.com/bitwarden/jslib/issues/52
-
How to estimate strength of strong not 100% randomly generated passphrases?
To that extent, they're not going to bother trying to brute force the original password with aaaaaaa, aaaaaab, aaaaaac, etc. They'll start by going through the very publicly known word list and try abacus, abdomen, abdominal, etc.
-
What am I doing wrong?
FYI, according to the implementation notes in the .1pux importer pull request, the 1Password categories should be mapped to Bitwarden categories as follows:
-
Lost my master password
In 2021, there was a PR (bitwarden/jslib#404) that changed it from 1 to 2 for local authentication. Server authentication still uses 1 iteration.
- SHA256 is a terrible choice for a PBKDF in 2019
-
Are passphrases random, or is there some kind of semantic algorithm to pick related words and try to make easier to remember together? Just got this gem 👀
As a point of interest, there are 7,776 unique words in the word list. As such, each word provides log2(7776) ~= 12.92 bits security. So the 4 word phrase Bitwarden generates by default only provides ~51 bits security (your 3 word phrase about 38 bits).
- Where can I find the source code for Bitwarden's password generator program?
-
Bitwarden code on Github question
The code you're interested in is here: https://github.com/bitwarden/jslib
-
Bitwarden CSV Import
Fixes and improvements to MykiCsvImporter by djsmith85 · Pull Request #707 · bitwarden/jslib (github.com)
- Generating passphrase in language other than English
platform-compat
-
KeePass flaw allows retrieval of master password
DotNet offers the SecureString class to keep a string encrypted in memory, but as long as the OS does not natively support this concept, the only advantage is that it resides in memory for a shorter time; the disadvantage is that SecureStrings are easier to search for.
- System.Net.Mail.SmtpClient is not recommended anymore; what is the alternative?
-
Bitwarden PINs can be brute-forced
Note that KeePass's resistance to the attack mentioned depends on the security of .NET's secure string; here's what Microsoft has to say about it (https://github.com/dotnet/platform-compat/blob/master/docs/D...)
As for KeePassXC, last I checked it didn't even bother.
-
Ever Find A Dead Man's Switch On A Network/Domain?
TIL. Looks like the deprecation note recommends MailKit.
-
Disabilities and Windows Passwords
Well of course, but it does have to be passed to the module that generates the hashes AD uses in the first place. And as I said, the standard password reset screen is bound to store the password in plain text somewhere as well.
-
Embedded logo in HTML email sent from PowerShell
This won’t help you with your question, but I figured I should warn against using send-mailmessage.
-
Alternative to PowerShell cmdlet 'send-mailmessage'
points you here.
-
API pagination help?
Some of the reasons for not using Hashtable or other non-generic collection types are outlined here. That's why Microsoft doesn't recommend their usage in new implementations across all of its API documentation.
- How to deal with credentials in automated scripts?
-
pfSense configuration backup
And if you really want to be secure you need something better than a SecureString: https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md
What are some alternatives?
ElectronMail - Unofficial ProtonMail Desktop App
envchain - Environment variables meet macOS Keychain and gnome-keyring <3
angular-electron - Ultra-fast bootstrapping with Angular and Electron
ImportExcel - PowerShell module to import/export Excel spreadsheets, without Excel
2key-ratchet - 2key-ratchet is an implementation of a Double Ratchet protocol and X3DH in TypeScript utilizing WebCrypto.
envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
bitwarden - Bitwarden client applications (web, browser extension, desktop, and cli) [Moved to: https://github.com/bitwarden/clients]
MailKit - A cross-platform .NET library for IMAP, POP3, and SMTP.
generator-ngx-rocket - Extensible Angular 14+ enterprise-grade project generator
distrobuilder - System container image builder for LXC and Incus
AngleSharp - The ultimate angle brackets parser library parsing HTML5, MathML, SVG and CSS to construct a DOM based on the official W3C specifications.
dotfiles - Home directory with an absurd amount of tweaks