ObiWan's (old) feedback

[defuse]

Incorporate ObiWan (from GRC newsgroups) feedback:

Nice; I've picked the source code and recomplied it on windows
and it works just fine; just a couple notes

change the code as follows

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

#pragma comment(lib,"advapi32")
#endif

so that, compiling the app with "MSVC" won't require manually
specifying to add the advapi library (the pragma tells that to
the compiler)

Also, if I'm not wrong, there should be a way to tell the cryptoAPI
to gather entropy from the audio card (if present.. and many/most
current computers have one); that would improve the randomness
of the generated numbers; if my brain is still working the idea was
almost the same as the one shown here

http://www.vanheusden.com/aed/

just, in windows case, the data was gathered using DirectX/Direct3D
calls and then handled almost like shown in the above code; time ago
I was looking at a piece of code showing how to exactly use such an
entropy source to feed its data to the cryptoapi but... <sigh> can't
find
the link right now :(

 couple additional notes

First of all, it would be a good idea using "getopt" to
parse arguments; for windows (which doesn't have
its own) you may use the attached one (source)

Second; using getopt you'll be able to easily
extend the options and this will be useful to add
some options like

-n number will generate "number" passwords
-x                 will output each pass in all three formats

as for the options, the idea is that one may then run
something like

passgen -n 10 -x >passwords.txt

and the output file will then look like (e.g.)

asciipass<tab>hexpass<tab>alphapass<nl>
asciipass<tab>hexpass<tab>alphapass<nl>
...
asciipass<tab>hexpass<tab>alphapass<nl>

that is, each line will contain password in all three
available formats, separated by a "tab" (\t) char
the above may be useful in some cases ;-)

Another option may be

-f filename specifies a filename containing entropy data

so that one may generate an entropy "payload"
using whatever method and feed it to the password
generator

HTH

Or either (some further food for thought, sorry for spamming :D !)

http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx

[A1hacker2023]

Incorporate ObiWan (from GRC newsgroups) feedback:

Nice; I've picked the source code and recomplied it on windows
and it works just fine; just a couple notes

change the code as follows

#find{plain#} Facebook 
#include <windows.h>
#include <wincrypt.h>

#pragma comment(lib,"advapi32")
#endif

so that, compiling the app with "MSVC" won't require manually
specifying to add the advapi library (the pragma tells that to
the compiler)

Also, if I'm not wrong, there should be a way to tell the cryptoAPI
to gather entropy from the audio card (if present.. and many/most
current computers have one); that would improve the randomness
of the generated numbers; if my brain is still working the idea was
almost the same as the one shown here

http://www.vanheusden.com/aed/

just, in windows case, the data was gathered using DirectX/Direct3D
calls and then handled almost like shown in the above code; time ago
I was looking at a piece of code showing how to exactly use such an
entropy source to feed its data to the cryptoapi but... <sigh> can't
find
the link right now :(

 couple additional notes

First of all, it would be a good idea using "getopt" to
parse arguments; for windows (which doesn't have
its own) you may use the attached one (source)

Second; using getopt you'll be able to easily
extend the options and this will be useful to add
some options like

-n number will generate "number" passwords
-x                 will output each pass in all three formats

as for the options, the idea is that one may then run
something like

passgen -n 10 -x >passwords.txt

and the output file will then look like (e.g.)

asciipass<tab>hexpass<tab>alphapass<nl>
asciipass<tab>hexpass<tab>alphapass<nl>
...
asciipass<tab>hexpass<tab>alphapass<nl>

that is, each line will contain password in all three
available formats, separated by a "tab" (\t) char
the above may be useful in some cases ;-)

Another option may be

-f filename specifies a filename containing entropy data

so that one may generate an entropy "payload"
using whatever method and feed it to the password
generator

HTH

Or either (some further food for thought, sorry for spamming :D !)

http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx