October 2009 Archives

NSIS Plugin Released: Pwgen

| No TrackBacks

I've been working on an installer for a Windows service using Nullsoft Scriptable Install System. This installer creates a special account to run the service under, but to do so, it has to come up with a random password. NSIS offers a few existing mechanisms for random numbers, but neither are anything but basic PRNGs.

In order to get *good* random passwords, we want the equivalent of /dev/urandom. Microsoft provides the CryptoAPI, which includes the CryptGenRandom() API. I developed a DLL plugin for NSIS called Pwgen that collects entropy from the OS and generates a random password, restricted to the 62-character set of alphanumerics.

You can download pwgen-001 directly from me. I also recommend the official Pwgen plug-in wiki page on the NSIS wiki and the discussion thread on the Winamp NSIS forum.