
I recently put up on github the latest incarnation of a password generator I've been using for over a decade now.[1]

It uses gpg to encrypt each site's username and a random password (using /dev/urandom or CryptGenRandom as the entropy source) in a separate file ~/Documents/Passwords/<domain>.gpg. At the time I first wrote it, I wanted something that was future-proof and where I could decrypt my passwords anywhere, and where a hardware fault while adding a new password was unlikely to cause corruption of pre-existing passwords.

Make your xkcd wordlist (http://google.com/search?q=oxford+3000 is a good start), one line per word, and bzip2 compress it as ~/Documents/Passwords/wordlist.txt.bz2 (or My Documents\Passwords\wordlist.txt.bz2 on Windows) and run the password generator with --alphabet 100 (restricting choices of "alphabets" to those with over 99 characters) and you'll get xkcd-style pass phrases. I also put some numbers in my word list, so I get passwords like

    blood Evil pint Urge occupy short railway 38
    Diagram elbow Arrest 80 Ceremony monday salt sector

It defaults to making the password/pass phrase length ceil(96 * log(2) / log(len(alphabet))) (96 bits of entropy). If you want to dial that up to 128 bits (or down to 80 bits), put { "bits" : 128 } in ~/Documents/Passwords/config.json (My Documents/Passwords/config.json on Windows).

[1]https://github.com/kmag/store_password_gpg
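The post above describes the generation side of the scheme: a bzip2-compressed wordlist, an alphabet-size floor enforced by --alphabet, and a passphrase length derived from a target entropy. The script below is an added, stand-alone illustration of that arithmetic and sampling, not code from the linked store_password_gpg repository; the wordlist contents, file names and the function names are constructed for the demo, and the gpg encryption step the post mentions is not reproduced here.

```python
import bz2
import math
import secrets
import tempfile
from pathlib import Path

# Constructed sample wordlist for the demo. The post recommends a list of a
# few thousand words (e.g. the Oxford 3000 plus some numbers); this short list
# is illustrative only and gives far less entropy per word than a real one.
SAMPLE_WORDS = [
    "blood", "evil", "pint", "urge", "occupy", "short", "railway", "diagram",
    "elbow", "arrest", "ceremony", "monday", "salt", "sector",
] + [str(n) for n in range(10, 100)]


def parse_wordlist(data: bytes) -> list:
    """One word per line; blank lines and surrounding whitespace are ignored.
    Duplicates are dropped: a repeated entry would make the alphabet look
    larger than it really is and overstate the entropy estimate."""
    seen = set()
    words = []
    for line in data.decode("utf-8").splitlines():
        w = line.strip()
        if w and w not in seen:
            seen.add(w)
            words.append(w)
    return words


def write_wordlist(path, words) -> None:
    """Write a bzip2-compressed wordlist in the layout the post describes
    (wordlist.txt.bz2, one word per line)."""
    with bz2.open(path, "wb") as f:
        f.write("\n".join(words).encode("utf-8") + b"\n")


def load_wordlist(path) -> list:
    with bz2.open(path, "rb") as f:
        return parse_wordlist(f.read())


def required_length(alphabet_size: int, bits: int = 96) -> int:
    """The post's formula: ceil(bits * log(2) / log(len(alphabet)))."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two distinct symbols")
    return math.ceil(bits * math.log(2) / math.log(alphabet_size))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def generate_passphrase(alphabet: list, bits: int = 96, min_alphabet: int = 100) -> list:
    """Draw each word uniformly with `secrets` (backed by os.urandom, i.e. the
    OS CSPRNG) rather than `random`, which is not suitable for secrets.
    `min_alphabet` mirrors the post's --alphabet 100 floor."""
    if len(alphabet) < min_alphabet:
        raise ValueError(f"alphabet has {len(alphabet)} entries, need >= {min_alphabet}")
    n = required_length(len(alphabet), bits)
    return [secrets.choice(alphabet) for _ in range(n)]


if __name__ == "__main__":
    # Round-trip the constructed list through a compressed file in a temp dir
    # (standing in for ~/Documents/Passwords/wordlist.txt.bz2), then generate.
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "wordlist.txt.bz2"
        write_wordlist(path, SAMPLE_WORDS)
        words = load_wordlist(path)
        for bits in (80, 96, 128):
            phrase = generate_passphrase(words, bits)
            print(f"{bits:>3} bits target -> {len(phrase)} words, "
                  f"{entropy_bits(len(words), len(phrase)):.1f} bits actual: "
                  + " ".join(phrase))
```

With a 3000-word list the formula gives 9 words for 96 bits and 12 for 128; the demo list has only 104 entries, so it needs 15 words to clear 96 bits, which is why the post's advice to use a list of several thousand words matters for usable passphrase lengths.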

Look at diceware for another great system to generate passwords.


Yes, I started out with a script that used the diceware wordlist to generate passwords and manually used gpg to store my passwords, then evolved my script to combine the two steps I was doing manually.

Have a look at my script. It's all of 200 lines. Easy to audit, and I'm not doing any of my own crypto or random number generation.

