Passgen generates random sequences, and in order to do so, it needs access to
secure, random data. By default, it will use whatever is the best source of
randomness that is availalble on the system. For Linux, this means using the
getrandom system call, and falling back to
/dev/urandom, which are both
the most secure source of randomness on the platform. On
macOS that means using arc4random_buf to get random data, which
is equally secure. Both of these methods will pool randomness from various sources,
such as jitter, interrupt timings and the CPU's built-in randomness generator.
Using other sources of randomness is not recommended
Using alternative sources of randomness is not recommended, unless you know what you are doing. These are mainly implemented for testing purposes. The default system randomness generator produces the highest quality random data, better than any userspace PRNG. Do this only if you know what you are doing, for example if you have a hardware random number generator.
Passgen can also use other source of randomness if instructed. The
command-line utility takes the
--random RANDOM flag, which allows for
specifying an alternate source of randomness. Some randomness sources take an
|Use the system random number generator (default).
|Read randomness from the specified file. This can be used to read randomness from a different device, such as
/dev/random, or a hardware randomness generator.
|Does not return any random data, instead simply returns zeroes. Used only for testing.
|XorShift. Takes a non-zero number as seed. Produces very poor quality randomness.