SmartPassLib JS ^v1.0.3

---

Smart Passwords Library: Cryptographic password generation and management without storage. Generate passwords from secrets, verify knowledge without exposure, manage metadata securely.

Now with Cross-Platform Determinism: Same secret + same parameters = identical password on JavaScript, C#, Python, Go, Kotlin and any language with SHA-256.

Decentralized by Design: Unlike traditional password managers that store encrypted vaults on central servers, smartpasslib stores nothing. Your secrets never leave your device. Passwords are regenerated on-demand — no cloud, no database, no trust required.

---

---

⚠️ Disclaimer

By using this software, you agree to the full disclaimer terms.

Summary: Software provided "AS IS" without warranty. You assume all risks.

Full legal disclaimer: See DISCLAIMER.md

---

Core Principles

• Zero-Storage Security: No passwords or secret phrases are ever stored or transmitted
• Decentralized Architecture: No central servers, no cloud dependency, no third-party trust required
• Cross-Platform Deterministic Generation: Identical secret + parameters = identical password on any language (SHA-256 based)
• Metadata Only: Store only verification metadata (public keys, descriptions, lengths)
• On-Demand Regeneration: Passwords are recalculated when needed, never retrieved from storage
• Cryptographically Secure: Uses Web Crypto API

Key Features

• Decentralized & Serverless: No central database, no cloud lock-in, complete user sovereignty
• Smart Password Generation: Deterministic from secret phrase
• Public/Private Key System: 30 iterations for private key, 60 for public key
• Secret Verification: Verify secret without exposing it
• Random Password Generation: Cryptographically secure random passwords
• Authentication Codes: Short codes for 2FA/MFA (4-20 chars)
• No Dependencies: Pure JavaScript, uses Web Crypto API

Security Model

• Proof of Knowledge: Public keys verify secrets without exposing them
• Decentralized Trust: No third party needed — you control your secrets completely
• Deterministic Security: Same input = same output, always reproducible across platforms
• No Vulnerable Metadata Storage: Only public keys and descriptions can be stored (optional)
• Zero Storage of Secrets: Secret phrases exist only in your memory, private keys are derived on-demand and never persisted
• No Recovery Backdoors: Lost secret = permanently lost passwords (by design)

---

Research Paradigms & Publications

• Pointer-Based Security Paradigm - Architectural Shift from Data Protection to Data Non-Existence
• Local Data Regeneration Paradigm - Ontological Shift from Data Transmission to Synchronous State Discovery

---

Technical Foundation

Key derivation (same as Python/Go/Kotlin/C# versions):

Key Type	Iterations	Purpose
Private Key	30	Password generation (never stored, never transmitted)
Public Key	60	Verification (stored locally)

Character Set: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$&*-_

Decentralized Architecture:

• No central authority required
• Metadata can be synced via any channel (USB, cloud, even paper)
• Your security depends only on your secret phrase, not on any service provider
• Works offline — no internet connection required

Installation

Just copy smartpasslib.js to your project and include it:

<script src="path/to/smartpasslib.js"></script>

Quick Usage

Generate Smart Password

const secret = "MyStrongSecretPhrase2026!";
const length = 16;

const password = await SmartPassLib.generateSmartPassword(secret, length);
console.log(password); // e.g., "jrh_E5V!2#neNjnP"

Generate Public/Private Keys

const secret = "MyStrongSecretPhrase2026!";

const publicKey = await SmartPassLib.generatePublicKey(secret);
const privateKey = await SmartPassLib.generatePrivateKey(secret);

console.log('Public Key (store locally):', publicKey);
console.log('Private Key (never store):', privateKey);

Verify Secret Against Public Key

const secret = "MyStrongSecretPhrase2026!";
const storedPublicKey = "..."; // from local

const isValid = await SmartPassLib.verifySecret(secret, storedPublicKey);
if (isValid) {
    const password = await SmartPassLib.generateSmartPassword(secret, 16);
}

Generate Random Passwords

// Strong random (cryptographically secure)
const strong = await SmartPassLib.generateStrongPassword(20);

// Base random
const base = await SmartPassLib.generateBasePassword(16);

// Authentication code (4-20 chars)
const code = await SmartPassLib.generateCode(8);

API Reference

Properties

Property	Type	Description
VERSION	string	Library version
CHARS	string	Character set used for generation
PRIVATE_ITERATIONS	number	30 iterations for private key
PUBLIC_ITERATIONS	number	60 iterations for public key

Methods

Method	Parameters	Returns	Description
generatePrivateKey(secret)	secret: string	Promise<string>	Private key (30 iterations)
generatePublicKey(secret)	secret: string	Promise<string>	Public key (60 iterations)
verifySecret(secret, publicKey)	secret, publicKey	Promise<boolean>	Verify secret matches public key
generateSmartPassword(secret, length)	secret, length	Promise<string>	Deterministic password
generateStrongPassword(length)	length	Promise<string>	Cryptographically random
generateBasePassword(length)	length	Promise<string>	Simple random password
generateCode(length)	length	Promise<string>	Short code (4-20 chars)

Input Validation

Parameter	Minimum	Maximum
Secret phrase	12 chars	unlimited
Password length	12 chars	1000 chars
Code length	4 chars	20 chars

Security Requirements

Secret Phrase

• Minimum 12 characters (enforced)
• Case-sensitive
• Use mix of: uppercase, lowercase, numbers, symbols, emoji, or Cyrillic
• Never store digitally
• NEVER use your password description as secret phrase

Strong Secret Examples

✅ "MyStrongSecretPhrase2026!"   — mixed case + numbers + symbols
✅ "P@ssw0rd!LongSecret"         — special chars + numbers + length
✅ "КотБегемот2026НаДиете"       — Cyrillic + numbers

Weak Secret Examples (avoid)

❌ "GitHub Account"              — using description as secret (weak!)
❌ "password"                    — dictionary word, too short
❌ "1234567890"                  — only digits, too short
❌ "qwerty123"                   — keyboard pattern
❌ Same as description           — never use the same value as password description

Decentralized Nature

There is no "forgot password" button. This is by design:

• No central server can reset your passwords
• No support team can recover your access
• Your secret phrase is the ONLY key

This is the price of true decentralization — you are completely in control.

Cross-Platform Implementations

The same deterministic algorithm is available in multiple languages. SmartPassLib JS produces identical passwords to:

Language	Repository
Python	smartpasslib
Kotlin	smartpasslib-kotlin
Go	smartpasslib-go
C#	smartpasslib-csharp

Testing

Open test.html in your browser to run the test suite.

Ecosystem

Core Libraries:

• smartpasslib - Python
• smartpasslib-js - JavaScript (this)
• smartpasslib-kotlin - Kotlin
• smartpasslib-go - Go
• smartpasslib-csharp - C#

CLI Applications:

• CLI Smart Password Manager (Python)
• CLI Smart Password Generator (Python)
• CLI Smart Password Manager (C#)
• CLI Smart Password Generator (C#)

Desktop Applications:

• Desktop Smart Password Manager (Python)
• Desktop Smart Password Manager (C#)

Other:

• Web Smart Password Manager
• Android Smart Password Manager

License

BSD 3-Clause License

Copyright (©) 2026, Alexander Suvorov

Author

Alexander Suvorov - GitHub

---

Support

• Issues: GitHub Issues
• Documentation: This README