A command-line password generator that sources entropy from /dev/urandom (configurable in the source to /dev/random), generates printable ASCII passwords without whitespace, and preserves entropy with a guarantee to waste no more than 63 bits of entropy in a single invocation on most modern machines.
1. Focuses on memorable passwords, and restricts itself to fewer ASCII characters than rpg.
2. Makes no attempt to preserve entropy; waste of entropy is potentially unbounded. This is a performance concern when reading from /dev/random, and a security concern when reading from /dev/urandom.
3. Has large source code spread across multiple files. Good for reusability of components, not so good for auditability and security.
5 comments
[ 0.84 ms ] story [ 22.1 ms ] thread1. Focuses on memorable passwords, and restricts itself to fewer ASCII characters than rpg.
2. Makes no attempt to preserve entropy; waste of entropy is potentially unbounded. This is a performance concern when reading from /dev/random, and a security concern when reading from /dev/urandom.
3. Has large source code spread across multiple files. Good for reusability of components, not so good for auditability and security.
4. Requires Perl and sed.
3. Is 1000 lines in 6 files really "large"?
4. On Debian at least, it just requires Libc.
3. 126 lines in 1 file is still an order of magnitude smaller.
4. The source has a Perl and a sed script, although they are not used in the password generation.
(2) is still a concern, especially on servers and embedded computers.