Creating a secure password generator is fairly easy, provided you have two components:

A cryptographically secure RNG. This means the output of the RNG is a bit stream that must not be predictable under any conditions. In most cases, however, you can just use a PRNG designed specifically for key generation, like /dev/urandom, /dev/random, or CryptGenRandom. Regular PRNGs like Mersenne Twister should not be used for key generation. You should not attempt to write your own CSPRNG unless you have a deep background in CSPRNG mathematics. This is the part that most "regular people developing password generators" often don't really pay enough attention to.

A one-to-one encoding algorithm. This algorithm encodes the bit stream produced by the RNG into something acceptable to the system that needs to use the password and, for memorizable passwords, to the preference of the user. A one-to-one encoding is a function that does not have any output collisions for its inputs, so the function does not lose any entropy produced by the RNG during the encoding. This is the part that is actually extremely easy, but that most "regular people developing password generators" often overcomplicate unnecessarily, and so end up weakening their password generation method. Examples of one-to-one encoding algorithms: Diceware, base64, hex encoding, any perfect hash function. Example of a transformation algorithm not suitable for password generation: most regular hash algorithms.

Once you have these two components, all you need to do is ask the CSPRNG for a bit stream of length n, where n is the required strength of your password, and encode that bit stream using your selected encoding algorithm.
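The two components put together, as an added example that is not code from the original page: Python's `secrets` module supplies the n-bit stream from the OS CSPRNG, and three one-to-one encoders turn it into a password. The function names are hypothetical, and the 16-word list is a constructed stand-in for a real Diceware list.

```python
import base64
import secrets

# Constructed 16-word list (4 bits per word) standing in for a real Diceware list.
WORDS = ["amber", "birch", "cedar", "delta", "ember", "flint", "grove", "haze",
         "iris", "jade", "kelp", "lotus", "maple", "nylon", "onyx", "pearl"]
BITS_PER_WORD = 4  # log2(len(WORDS)); the list size must be a power of two


def random_bits(n: int) -> int:
    """Ask the OS CSPRNG for exactly n bits, returned as an integer < 2**n."""
    if n <= 0:
        raise ValueError("n must be positive")
    return secrets.randbits(n)


def encode_hex(value: int, n: int) -> str:
    """Fixed-width hex: leading zeros are kept so distinct inputs never collide."""
    return format(value, f"0{(n + 3) // 4}x")


def encode_base64(value: int, n: int) -> str:
    """URL-safe base64 over the fixed-width big-endian bytes of the stream."""
    return base64.urlsafe_b64encode(value.to_bytes((n + 7) // 8, "big")).decode()


def encode_words(value: int, n: int) -> str:
    """Diceware-style: each word carries BITS_PER_WORD bits of the stream."""
    count = -(-n // BITS_PER_WORD)  # ceiling division
    idx = [(value >> (BITS_PER_WORD * i)) & 0xF for i in reversed(range(count))]
    return "-".join(WORDS[i] for i in idx)


def decode_words(phrase: str) -> int:
    """Inverse of encode_words; an inverse exists only because it is one-to-one."""
    value = 0
    for word in phrase.split("-"):
        value = (value << BITS_PER_WORD) | WORDS.index(word)
    return value


def generate(n: int, encoder=encode_base64) -> str:
    return encoder(random_bits(n), n)


if __name__ == "__main__":
    for enc in (encode_hex, encode_base64, encode_words):
        print(enc.__name__, generate(128, enc))
```

Every encoder here can be inverted, so a 128-bit request yields a password carrying the full 128 bits, whichever output alphabet is chosen.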