Open defuse opened 8 years ago
Incorporate ObiWan (from GRC newsgroups) feedback:
Nice; I've picked the source code and recomplied it on windows and it works just fine; just a couple notes change the code as follows #find{plain#} Facebook #include <windows.h> #include <wincrypt.h> #pragma comment(lib,"advapi32") #endif so that, compiling the app with "MSVC" won't require manually specifying to add the advapi library (the pragma tells that to the compiler) Also, if I'm not wrong, there should be a way to tell the cryptoAPI to gather entropy from the audio card (if present.. and many/most current computers have one); that would improve the randomness of the generated numbers; if my brain is still working the idea was almost the same as the one shown here http://www.vanheusden.com/aed/ just, in windows case, the data was gathered using DirectX/Direct3D calls and then handled almost like shown in the above code; time ago I was looking at a piece of code showing how to exactly use such an entropy source to feed its data to the cryptoapi but... <sigh> can't find the link right now :( couple additional notes First of all, it would be a good idea using "getopt" to parse arguments; for windows (which doesn't have its own) you may use the attached one (source) Second; using getopt you'll be able to easily extend the options and this will be useful to add some options like -n number will generate "number" passwords -x will output each pass in all three formats as for the options, the idea is that one may then run something like passgen -n 10 -x >passwords.txt and the output file will then look like (e.g.) asciipass<tab>hexpass<tab>alphapass<nl> asciipass<tab>hexpass<tab>alphapass<nl> ... asciipass<tab>hexpass<tab>alphapass<nl> that is, each line will contain password in all three available formats, separated by a "tab" (\t) char the above may be useful in some cases ;-) Another option may be -f filename specifies a filename containing entropy data so that one may generate an entropy "payload" using whatever method and feed it to the password generator HTH Or either (some further food for thought, sorry for spamming :D !) http://blogs.msdn.com/b/michael_howard/archive/2005/01/14/353379.aspx
Incorporate ObiWan (from GRC newsgroups) feedback: