I use security/keepassx for password generation and storage, primarily because it is available on multiple platforms and I'm able to share the database with different OSes. The random password generation is done in its src/apg/randpass.c. Unlike the word generator pronpass.c in the same directory, the randpass routines are not extensively documented. They certainly work well enough for my purposes, which is to fill out strings with ASCII and allow me to set length and character types.
The PRNG is C++ randint. I don't know anything about its underlying calls, and assume the code for it could be found somewhere in OpenBSD's src/gnu/lib/libstdc++*, but I really don't know. For these relatively short strings, I'm not sure it makes a significant difference.
|