Initial commit of a word-based password generator.
The diceware algorithm is a password generation algorithm where users roll dice several times (around 7) to generate a random number. This random number is then used to index into a word list and select a word. This process is repeated until between 3 and 12 words are selected. With dozens to hundreds of dice rolls, this can get very tedious.

The passgen program performs this work in C++. It uses the /dev/urandom device on all modern UNIX systems to get randomness. This randomness is used to index into a word list. It uses 18 bits of randomness per word. The word list is more than 262144 words long and thus is suitable for this use.

Before running, a random sample of the words is discarded from the list. The list is also randomly reshuffled before beginning the process to ensure that a random selection of words is removed. The reshuffling also means that the same stream of bits from /dev/urandom will not generate the same password. It will, however, be slightly dependent upon the randomness in the pre-shuffle. This randomness does not improve the security of those passwords.

Words smaller than 4 letters are also removed. 18 bits requires 3 bytes to store cleanly, and more than 3 bytes in base32 (which is kind of like what we're generating these passwords in). Thus those shorter words represent a compression -- this lowers the minimum number of bytes necessary to encode the password and reduces the search surface slightly. (The worst case would be 4 words having two letters -- 8 bytes, at 5 bits per byte is 40 bits of search space. 4 words at 18 bits per word is 72 bits of search space. You lose 32 bits of total search space there, alone!)

(Note: This is a commit of the latest passgen, but using sha256 object store.)
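The selection step described in the commit message, as an added C++ example that is not passgen's source. The function names, the word-list path taken from `argv[1]`, the choice to keep the low 18 bits of three bytes, and the `std::mt19937` pre-shuffle are all assumptions made for illustration.

```cpp
// Added example; not passgen's source. All names here are hypothetical.
#include <algorithm>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>

// Pack three random bytes into 24 bits and keep the low `bits` (18 in the
// commit). With a list of exactly 2^bits words, every index is equally
// likely, so there is no modulo reduction and no modulo bias.
std::uint32_t index_from_bytes(std::uint8_t b0, std::uint8_t b1, std::uint8_t b2, unsigned bits = 18) {
    std::uint32_t v = (std::uint32_t(b0) << 16) | (std::uint32_t(b1) << 8) | b2;
    return v & ((1u << bits) - 1);
}

// Drop words shorter than min_len, shuffle, then trim to 2^bits entries so
// the discarded surplus is a random sample rather than the tail of the file.
std::vector<std::string> prepare_list(std::vector<std::string> words, std::size_t min_len, unsigned bits = 18) {
    words.erase(std::remove_if(words.begin(), words.end(),
        [&](const std::string& w) { return w.size() < min_len; }), words.end());
    if (words.size() < (std::size_t(1) << bits)) throw std::runtime_error("word list too short");
    std::mt19937 shuffler{std::random_device{}()};  // list layout only, not a secret
    std::shuffle(words.begin(), words.end(), shuffler);
    words.resize(std::size_t(1) << bits);
    return words;
}

// Search space in bits: the attacker takes the cheaper of guessing words
// (18 bits each) or characters (5 bits each, the commit message's figure).
unsigned effective_bits(unsigned n_words, unsigned total_chars) {
    return std::min(n_words * 18u, total_chars * 5u);
}

int main(int argc, char** argv) {
    if (argc < 2) { std::cerr << "usage: " << argv[0] << " WORDLIST\n"; return 2; }
    std::ifstream in(argv[1]), rng("/dev/urandom", std::ios::binary);
    std::vector<std::string> words;
    for (std::string w; in >> w;) words.push_back(w);
    words = prepare_list(words, 4);
    for (int i = 0; i < 4; ++i) {  // 4 words x 18 bits = 72 bits
        unsigned char b[3];
        if (!rng.read(reinterpret_cast<char*>(b), 3)) return 1;
        std::cout << words[index_from_bytes(b[0], b[1], b[2])] << (i < 3 ? ' ' : '\n');
    }
}
```

With the 4-letter minimum, four words contain at least 16 characters, so `effective_bits(4, 16)` stays at the full 72 bits instead of the 40 bits of the two-letter worst case.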