The start of a bookmarklet for generating passwords

Following up on yesterday's password generation posting, here is a Javascript generate passwords based on the last two names in the domain name. It is presented in a form suitable for use in a bookmarklet.


( function( substitution_cipher_grid ) {
substitution_cipher_grid = substitution_cipher_grid.replace(/\s+/g,'');
var substitution_cipher={};
var rows = substitution_cipher_grid.split('.');
for ( var r = 0; r < rows.length; r++ ) {
var cells = rows[r].split( '' );
for ( var c = 0; c < cells.length; c++ ) {
substitution_cipher[cells[c]]=c+1
}
}
var domain = window.location.host.split('.').reverse().splice(0,2).reverse().join('.');
var password=domain.split('').map( function(c) { return substitution_cipher[c] || 0; } ).join('');
window.prompt( 'Password for '+domain+' is:', password );
} ) ( " a b c d e f . \
g h i j k l . \
m n o p q r . \
s t u v w x " );


The substitution_cipher_grid is expressed as a Javascript string where each row is separated by a period and each cell is separated by a space. Again, the actual grid used here is only for demonstration and should not be actually used.

The most significant flaw in this example is having the substitution_cipher_grid encoded in the bookmarklet. Ideally, the first time the bookmarklet is used it would ask for the grid and store it away until you quit the browser or its time expires. This is the functionality of a cookie. Unfortunately, I do not know how to make a cookie that is only associated with a bookmarklet. Another caching mechanism would be acceptable too. Any ideas anyone?

Update: The code has been updated to not use the strip() function. I did not realize during testing that I was within a site that was using Prototype which adds methods to Javascript objects. One of these methods is strip().

No comments: