by stephenr 3304 days ago
How does this compare to say pwgen?

pwgen

1. Focuses on memorable passwords, and restricts itself to fewer ASCII characters than rpg.

2. Makes no attempt to preserve entropy; waste of entropy is potentially unbounded. This is a performance concern when reading from /dev/random, and a security concern when reading from /dev/urandom.

3. Has large source code spread across multiple files. Good for reusability of components, not so good for auditability and security.

4. Requires Perl and sed.

1. That's what the `-s|--secure` flag is for

3. Is 1000 lines in 6 files really "large"?

4. On Debian at least, it just requires libc.

1. Sorry, didn't know about that. Just took a cursory glance through the source code.

3. 126 lines in 1 file is still an order of magnitude smaller.

4. The source has a Perl and a sed script, although they are not used in the password generation.

(2) is still a concern, especially on servers and embedded computers.