Jump to content

Diceware Password


Recommended Posts

Edit by deanishe: This workflow does not use a good source of random data. It does not generate secure passwords in its current state (see post below for reasons). 

 

A workflow for generating passwords using diceware and either Python's pseudo-random number generator or the random.org API (more secure).

 

diceware_password.png

 

See the README for more information.

 

Download the workflow here.

 

Source available on GitHub.

Edited by deanishe
Added warning about lacking randomness
Link to comment
  • 7 months later...

Just stumbled across this. Two observations:

  • random.org is not more secure. It may be in theory, but using a web service as a source of entropy is a terrible idea. It is relatively easy to subvert a webservice with versions of Python before 2.7.9, which do not verify SSL certificates. This means every pre-Yosemite OS X release. A web service is only acceptable as a source of entropy if you XOR the data with existing random data.
  • Python's random module is not suitable for crypto purposes, i.e. generating passwords. It says so very clearly in the Python docs. As it also states there, use SystemRandom or os.urandom() for cryptographic purposes.

I've added a note to your post to reflect the fact that these passwords are not secure. Please fix the issue.

Edited by deanishe
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...