SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Jul 2003
    Location
    sweden
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Generating random seed strings using cursor

    Hi,

    I needed a javascript that could create random seed strings.
    The script was to be used to ensure key integrity for a webb-based application.

    I found one script that did this and more; some really nice features to
    the script were that you could specify the chars. to be generated and
    how long the string should be.

    Then I found out that the javascript algoritm was flawed; the seed
    string could (theoretically) be hacked (the string is encrypted by the
    app). So I got an Idea: How about creating a script that generates
    random seed strings based on how you move your mouse on the screen?

    This method should generate a string that's impossible to 'hack'. Could
    anybody help me with script? It should - apoligies for the feature list - do the following:
    • Create ONE random string based on how the user moves the cursor over the screen
    • Allow user to specify the length of the string.
    • Allow user to specify the set of chars. to be used in string. The
      chars. should be specified in a text field that already contains a-z and 0-9.

    Here is a use case:
    1. User enters length of the seed to be generated. E.g. 256
    2. user types in chars. to be used in seed. E.g. 1234567890abcdefgh
    3. User hits the "Generate seed!" button
    4. The script generates chars til the specified seed length is meet. The
      string is automatically inserted in a textarea.
    5. The script informs the user that the seed has been generated using a window


    Scripts of interest
    Here are two javascripts that may be used in order to create this script:
    Random Password Generator and JavaScript Capture Mouse.

    I'm truly grateful for your help!
    Again, sorry for this shamelessly detailed request.
    Last edited by Ian Mainim; Jul 3, 2003 at 07:05.

  2. #2
    SitePoint Member
    Join Date
    Feb 2003
    Location
    UK
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    How about this:

    Code:
    <html>
    <body>
    <script type="text/javascript">
    //<![CDATA[
    //tell Netscape to catch mouse movements
    if (document.layers) document.captureEvents(Event.MOUSEMOVE)
    document.onmousemove = mmove;
    
    //don't bother about mouse position if you're not generating something
    var generating = false;
    
    //just in case they change the key chars while you're generating!
    var savedChars;
    //no point in working it out each time
    var charLen = 0;
    //a number dependant on the mouse position
    var theNum;
    //just in case they get silly - a maximum!
    var max = 2000;
    
    function foo() {
    
    	if (charLen = document.f.chars.value.length){ 
    		savedChars = document.f.chars.value;
    		document.f.key.value = "";
    		generating = true;
    // wait a .5 second before starting to generate - give a chance to move the mouse
    		setTimeout("bar("+(parseInt(document.f.len.value)%(max+1))+")",500)
    	}
    	else
    		alert("I need some characters to use!");
    
    }
    
    function bar(n){
    	if (n--){
    // use the mouse position every 10th second - so points not contiguous
    		setTimeout("bar("+n+")",100)
    		document.f.key.value += savedChars.charAt(theNum%charLen);
    	}
    	else{
    		generating=false;
    		alert("Key Generated");
    	}
    
    }
    
    function mmove(ns){
    
    	if (generating){
    		var X = 0;
    		var Y = 0;
    
    	//grab the coordinates 
    		if (document.all) { 
    			X = event.clientX + document.body.scrollLeft;
    			Y = event.clientY + document.body.scrollTop;
    		}
    		else{
    			X = ns.pageX;
    			Y = ns.pageY;
    		}
    
    		theNum = (X + Y)
    
    	}
    	return true;
    }
    //]]>
    </script>
    
    <form method=post action="" name="f" onsubmit="return false">
    Length: <input type="text" name="len"><br>
    Seed Chars: <input type="text" name="chars"><br>
    <input type="button" onclick="foo()" value="Generate"><br>
    String: <textarea name="key" rows="10" cols="80"></textarea><br>
    </form>
    
    </body>
    </html>

  3. #3
    SitePoint Member
    Join Date
    Jul 2003
    Location
    sweden
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Piglet, I got to hand it to you - this is exactly what I'm looking for!
    Thank you for your help!

    All it really needs are some minor tweaks. Thought about it and came
    to the conclusion that user's shouldn't be able to specify the chars.
    BTW, is there a way to speed up the generating process? I can't
    think of anyway to do it, but maybe you can?
    (Changing setTimeout("bar("+n+" )",100) might work, but will probably
    create weaker strings)

    Again - thanks!
    Last edited by Ian Mainim; Jul 3, 2003 at 15:47.

  4. #4
    SitePoint Member
    Join Date
    Jul 2003
    Location
    sweden
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    modified script gives error

    Piglet, I modified your script to that the user doesn't have to specify
    a set of chars. But when the string is generated, onyl zeros show up:
    (I've renamed so fields, but they should all be correct)

    Code:
      <script language="JavaScript" type="text/javascript">
    //<![CDATA[
    //tell Netscape to catch mouse movements
    if (document.layers) {
    	document.captureEvents(Event.MOUSEMOVE);
    }
    
    document.onmousemove = mmove;
    
    //don't bother about mouse position if you're not generating something
    var generating = false;
    //just in case they change the key chars while you're generating!
    var savedChars;
    //no point in working it out each time
    var charLen = 0;
    //a number dependant on the mouse position
    var theNum;
    //just in case they get silly - a maximum!
    var max = 2000;
    
    function foo() {
    		// list of chars. in string
    		savedChars="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/? ";
    		document.keyGenForm.randomSeed.value = "";
    		generating = true;
    		
    		alert("Once you hit the OK button below, make sure you move the cursor all over the screen!");
    		// wait a .5 second before starting to generate - give a chance to move the mouse
    		setTimeout("bar("+(parseInt(document.keyGenForm.len.value)%(max+1))+" )",500);
    }
    
    function bar(n){
    	if (n--){
    		// use the mouse position every 0.1 second - so points not contiguous
    		setTimeout("bar("+n+" )",100)
    		document.keyGenForm.randomSeed.value += savedChars.charAt(theNum%charLen);
    	}
    	else {
    		generating = false;
    		alert("Random seed string has been generated!");
    	}
    }
    
    function mmove(ns){
    
    	if (generating){
    		var X = 0;
    		var Y = 0;
    
    		//grab the coordinates 
    		if (document.all) { 
    			X = event.clientX + document.body.scrollLeft;
    			Y = event.clientY + document.body.scrollTop;
    		}
    		else{
    			X = ns.pageX;
    			Y = ns.pageY;
    		}
    
    		theNum = (X + Y)
    	}
    	return true;
    }
    //]]>
    </script>
    The form part looks like this:
    Code:
    		  Seed length: 
    		  <input type="text" name="len" value="256" /> <input type="button" onClick="foo()" value="Generate seed" /> 
    		  <br /> <textarea name="randomSeed" cols="55" rows="10"></textarea>

  5. #5
    SitePoint Member
    Join Date
    Jul 2003
    Location
    sweden
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think I fixed it
    Forgot to set var charLen = 97;

  6. #6
    SitePoint Member
    Join Date
    Feb 2003
    Location
    UK
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Thanks - it was an interesting question! To generate more quickly you could reduce the Timout as you say - or make "X" and "Y" globals, and then do two characters at a time with them rather than one with "theNum" - or a combination of both.

    One thing I realised after I posted:

    setTimeout("bar("+(parseInt(document.keyGenForm.len.value)%(max+1))+" )",500);

    should be:

    var n = parseInt(document.keyGenForm.len.value);
    n = (n>max)?max:n;
    setTimeout("bar("+n+")",500);

  7. #7
    SitePoint Member
    Join Date
    Jul 2003
    Location
    sweden
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I changed the time to 50 ms and it works as a charm
    I'm thinking of adding a progress bar or a counter
    that keep tracks of entered chars. in the textarea...
    Piglet, if you're interested to see this script in
    action - send me a PM! I think you'll be glad to
    see your script come in good use


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •