TIL the NSA has an open source key, password, and passphrase generator on GitHub.

github.com/nsacyber/RandPassGe

@atoponce Too bad it's written in Java. I don't have any problem with the language, but I haven't had to install any JRE on my machine yet, and that feels like a pretty hefty requirement for a tool that could be written as a static binary nowadays (golang, rust, etc.)

@funnylookinhat But Java === Enterprise

Jokes aside, I'm meh about the choice of Java. Looking over the source code, I'm actually impressed with the quality of the code itself. There are a number of things I can learn from this project, and maybe even implement in my own.

@bonifartius It has been 0 days since the NSA has compromised your computer.

@kzimmermann @atoponce With an enterprise-grade XML config file to fine-tune your random password generation workflow

@atoponce I don't see any obvious backdoors, though the way they bundle their wordlists separately was suspicious; I check this even if you aren't the NSA. But you'd have to ask a cryptographer for full confidence given they implement their own PRNG.

@alcinnz I've been casually auditing it all day (around holiday activities). I'm not seeing anything out of place personally. And bundling the word list separately allows you to replace it with something else for various reasons.

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.