Secure Password Generator

Sep 21, 2016 · Tags: golang, security, crypto, password

For many years now I have been running a tight ship with regard to passwords, but I’ve always been uneasy about a single point: where do my passwords come from?

Human beings are no good at deliberately introducing entropy; we’re just terrible at thinking randomly, which is why we need to rely on machines to do this for us. A cleverly constructed piece of software will create legitimate chaos, which is exactly what we need in a secure password.

My password system is pretty robust. I have unique passwords for every single application or service; these passwords are cryptographically secured on my private computer, and backed up in various private places.

Generating these passwords has always been a sticking point; historically I’ve used several password generation websites but this has always left me feeling uneasy. What if these websites are malicious? What if I am being tracked via some random cookie and the password generator site knows that I’m making a password just when I’m registering for a particular other service? What if these generator sites are simply not very good at making truly random passwords and I don’t notice? What if they simply go away one day, leaving me without a source of passwords?

The only thing I could think of to resolve these concerns was to make my own password generator. OK, so that’s not strictly true since there are plenty of open source generators I could have inspected and adopted, but where is the fun in that?

Cue a rainy Saturday and some free time, and now I have my own cryptographically secure strong password generator, implemented in Golang.

pwgen is currently functional and secure, but depending on how popular it gets I plan to evolve it to do more things.

We’ll see. For now, my sticking point is removed. :-)

Example Usage

$ pwgen -length 20 -charset alpha

Or in its most simple form, defaulting to 16 alphanumeric characters, you can just:

$ pwgen
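The post does not show how pwgen draws its characters. As an added illustration (not pwgen's own code), here is one way a Go generator with the same -length and -charset flags can pick characters uniformly from the operating system's CSPRNG; the charset name alphanum and the function name Generate are assumptions.

```go
package main

import (
	"crypto/rand"
	"flag"
	"fmt"
	"math/big"
	"os"
)

// "alpha" appears in the post; "alphanum" is an assumed name for the
// alphanumeric default the post describes.
var charsets = map[string]string{
	"alpha":    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"alphanum": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
}

// Generate returns length characters drawn uniformly from the named charset.
// rand.Int reads from the OS CSPRNG (crypto/rand, not math/rand) and returns
// a uniform value in [0, limit), so there is no modulo bias toward the start
// of the alphabet.
func Generate(length int, charset string) (string, error) {
	chars, ok := charsets[charset]
	if !ok || length < 1 {
		return "", fmt.Errorf("invalid charset %q or length %d", charset, length)
	}
	limit := big.NewInt(int64(len(chars)))
	out := make([]byte, length)
	for i := range out {
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err // fail closed: never fall back to a weaker source
		}
		out[i] = chars[n.Int64()]
	}
	return string(out), nil
}

func main() {
	length := flag.Int("length", 16, "password length")
	charset := flag.String("charset", "alphanum", "alpha or alphanum")
	flag.Parse()
	pw, err := Generate(*length, *charset)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(pw)
}
```

With these charsets a 16-character alphanumeric password carries about 95 bits of entropy (16 × log2 62), and a 20-character alpha password about 114 bits.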

GitHub repo for pwgen