The following versions of the EntroPy Password Generator Web Version are currently supported with security updates. Unsupported versions will not receive patches for vulnerabilities.
| Version | Supported | End-of-Life Date |
|---|---|---|
| Latest | ✅ | TBD (Est. October 2026) |
| Beta / Pre-release | ❌ | - |
Note: The Web Version is hosted on GitHub Pages. Always ensure you are using the latest deployed version.
The EntroPy Password Generator Web Version is hosted on GitHub Pages and is intended for public use. However, beta or pre-release versions accessible via alternate URLs are for testing purposes only and may contain unpatched vulnerabilities. For production use, always use the official GitHub Pages link.
To ensure the secure use of the EntroPy Password Generator Web Version:
- Use a modern, updated browser (e.g., Chrome, Firefox, Edge, Safari).
- Ensure you are visiting the:
official GitHub Pages URL - Verify that the connection is HTTPS-secured.
- Do not memorize passwords generated by this tool.
- Use a trusted password manager (e.g., Bitwarden) to store generated passwords.
- The only password you should memorize is your password manager's master password.
- Enable two-factor authentication wherever possible.
If you discover a security vulnerability in the EntroPy Password Generator Web Version, please report it promptly. We consider vulnerabilities such as:
- Cryptographic weaknesses in password generation
- Insecure random number generation in the browser
- Client-side code execution flaws
- Data leakage or exposure
-
Where to Report:
Email [email protected] with a detailed description of the issue. Include:- Steps to reproduce
- Browser and version
- Impact and affected functionality
- For sensitive reports, request our PGP key for encrypted communication.
-
Expected Response Time:
- Acknowledgment within 48 hours
- Detailed assessment and plan within 7 business days
-
Resolution Process:
- Accepted Vulnerabilities: A fix will be prioritized based on severity. Critical issues will be patched as soon as possible.
- Declined Vulnerabilities: If the issue is not reproducible or out of scope, you will be notified with an explanation.
-
Responsible Disclosure Timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 business days
- Patch release: As soon as possible (typically 7–30 days)
- Public disclosure: Coordinated with the reporter after the patch is released
-
Confidentiality:
Do not disclose the vulnerability publicly until we have resolved it and provided clearance. Responsible reporters may be acknowledged (with consent) in release notes or a project "Hall of Fame." -
Contact for Queries:
For questions about the process, email [email protected].
- 🌐 Live Web Version
- 📖 Interactive Documentation
- 🐍 Original Python Project
- 🔗 Web Version Repository
- OWASP Secure Coding Practices
- NIST SP 800-63B – Digital Identity Guidelines
We appreciate your cooperation in responsibly reporting vulnerabilities to help maintain the security of the EntroPy Password Generator Web Version.