spass-3.1 Secure Password Generator Released

Usually release announcements go together with the actual release. Somehow, I’ve postponed writing about the new release for quite some time, but better late than never.

spass is a tool that creates cryptographically strong passwords and passphrases by generating random bits from your sound card. It works by passing noise from the sound card through a Von Neumann process to remove bias and then uses MD5 to “distill” a truly random bit from every 4 bits of input.

The new version of spass, version 3.1, was released two months ago. The code should now compile easily on both Linux (ALSA, OSS and PortAudio backends) and Windows (only PortAudio is supported). There is some minor tweaks to the CLI, but the main part is a new Qt interface, screenshots of it available on the project’s SourceForge page. I’ve also migrated the build system to CMake (from automake) which should make it easier to build.

You can download the sources, 64bit Debian package and binaries for windows from here. If you use spass and create binary packages for more platforms, it will be great.

BTW as you can see I’ve migrated the code to SourceForge from GitHub. I know it not a popular move, but their lack of binary downloads is really frustrating.

spass-3.0 Released

I’ve released today the new version of spass, a tool that creates cryptographically strong passwords and passphrases by generating random bits from your sound card.

In the user facing side, spass can now create passphrases as long as passwords. The words for the passphrases are chosen out of a list of 8192 words which means each word adds 13 bits of entropy to the passphrase.

spass can now use one of three audio backends (the old version could only use OSS):

  • Advanced Linux Sound Architecture (ALSA)
  • Open Sound System (OSS)
  • PortAudio

The PortAudio support will hopefully make it easy to port spass to other platforms as well (such as Windows). The random number generator got overhauled and now there is an unbiasing step before applying the hash function. This should help getting consistent results in terms of entropy. In the backstage I’ve migrated the project from autotools to cmake.

You can find more information, as well as both source and binary packages in

spass-2.0 – Secure Password Generator

This is a complete rewrite of my secure password generator. The new version uses my a true random number generator (and here).

The major change was using the new true random number generator in order to ensure strong passwords. Less significant changes include an easy way to specify password’s strips, and some calling convention changes.

Usage examples:

$ ./spass
$ ./spass -l 14
$ ./spass -s 0-9a-f -l 32

Download the tarball spass-2.0.tar.bz2. The program depends on Boost‘s program_options (it was tested against version 1.37 and 1.42 and should work with other versions too).

spass 1.1 – Secure Password Generator

This is a new version of my /dev/random based secure password generator – spass. The new version doesn’t have new features, it’s mainly a bug-fix release. The package now uses autotools, which means it has the standard configure script and makefile. I also fixed some typos in the help message. Overall the new version doesn’t offer anything new compared to the old one, except for easier installation.
Continue reading spass 1.1 – Secure Password Generator

spass – A Secure Password Generator Utility

spass is a secure password generation tool. spass was designed under the assumption that a password generator is as good as its random number generator, so spass uses the Random class, a /dev/random based cryptographically strong random number generator class. As always, I tried to make the command-line interface as user-friendly as possible (as much as a command-line interface can be friendly).
Continue reading spass – A Secure Password Generator Utility