Software Update: PWGen 1.40

Version 1.40 of PWG has been released on SourceForge. Enables the generation of random passwords with adjustable security from 32 to as much as 2048 bits. The result can be displayed in hexadecimal, Base64 (A..Z, a..z, 0..9, +, /) or as a passphrase. In addition, this program can also generate files filled with arbitrary data and permutations are carried out. The changelog for this release looks like this:

Changes in version 1.40:

• French translation of the program is available, thanks to Marc Croteau (by the way, I modified the structure of language.txt …)
• now PWGen uses the ANSI X9.17 CSPRNG (based on AES) to generate passwords, instead of directly accessing the random pool — this should be more secure (besides, PGP does it …)
• entropy gathering has been extended: PWGen intercepts all incoming Windows messages and adds the potentially “random” events (ie keystrokes and mouse clicks) to the pool; this means that the application _always_ collects entropy, whenever you type or click
• the information about the “security” of the current password (Step III) is flexible now, depending on the entropy bits in the random pool; hence it follows that, if you request the “next password” (Ctrl+N), the “security” information will be updated and display the current number of true random bits in the pool; note that creating the next password will “consume” password_size bits from the random pool
• a nice little feature can be accessed by F12: it shows a message box informing you of the number of true random bits in the pool
• if possible, PWGen calls the Pentium RDTSC instruction which returns a very high-resolution counter and results in excellent entropy values
• I have set the default value for “EntropySrcBIPB” (-> config.ini) to 0.5 (former 0.25) and the default value for “SysEntBitsOfInfo” to 34 (former 32); I’m sure this is perfectly OK, since the counters called by PWGen provide very good entropy
• new setting (-> config.ini) “RandSeedPath” (ie path to the randseed file containing the “seed” for the random pool); as this file contains sensitive data (although it is definitely _not_ possible to recover any information concerning passwords from it), you are now given the possibility to “hide” it, eg on a floppy disk or somewhere on your harddisk; you can specify a mere path or a concrete file name
• new functions:
  • “Phonetic” (i.e. pronounceable [using phoneme rules]) passwords can be created in the “Get Password List” menu (Ctrl+F5)
  • strong clipboard encryption (AES in CFB mode): Misc./Clipboard Encryption/Encrypt or Decrypt; can be used to encipher small(!) text files, for example password “safes” stored in text format hotkeys: Shift+Ctrl+C, Shift+Ctrl+D
  • “Permutation/Lottery” (F9): creates a random permutation that can be used as lottery numbers etc.
• removed “Add to File” (popup menu of the password field in Step III), added “Format as Entry”: formats the password as an “entry” (ie of a password safe) and copies it to the clipboard (hotkey: Ctrl +E)
• you can change the “security level” of the program in the configuration dialog (F3) and choose between “Low (speed has priority)”, “Normal” (ie the default settings) and “High (paranoia)”
• I made the confirmation message box shown when quitting the program a “security” message box, ie it can be disabled (-> config.ini)
• lots of the changes, modifications, bug fixes etc. only affect the source code of PWGen and don’t change the behavior of the program
• have I already mentioned the minor changes & fixes? †[break]