Hacker News new | ask | show | jobs
by ankitpati 3306 days ago
pwgen

1. Focuses on memorable passwords, and restricts itself to fewer ASCII characters than rpg.

2. Makes no attempt to preserve entropy; waste of entropy is potentially unbounded. This is a performance concern when reading from /dev/random, and a security concern when reading from /dev/urandom.

3. Has large source code spread across multiple files. Good for reusability of components, not so good for auditability and security.

4. Requires Perl and sed.
1 comments
stephenr 3306 days ago
1. That's what the `-s|--secure` flag is for

3. Is 1000 lines in 6 files really "large"?

4. On Debian at least, it just requires Libc.

link
ankitpati 3306 days ago
1. Sorry, didn't know about that. Just took a cursory glance through the source code.

3. 126 lines in 1 file is still an order of magnitude smaller.

4. The source has a Perl and a sed script, although they are not used in the password generation.

(2) is still a concern, especially on servers and embedded computers.

link