README
ΒΆ
π Entropy Forge
Production-grade cryptographically secure password generation for Go
Enterprise-ready password generation with multiple algorithms, real-time complexity analysis, and memory-optimized performance.
β¨ Features
π² Multiple Generation Algorithms
- Diceware Passphrases - Human-memorable, cryptographically secure
- CSPRNG Random - Maximum entropy character-based passwords
- Low-Allocation Variants - Memory-optimized for high-throughput applications
π Advanced Security
- NIST SP 800-63B Compliant - Meets enterprise security standards
- Cryptographically Secure - Uses
crypto/randfor true randomness - Real-time Analysis - Instant password strength assessment
- Pattern Detection - Identifies and prevents weak patterns
β‘ Performance Optimized
- Low-Allocation Design - 13% fewer allocations than standard approaches
- Concurrent Safe - Thread-safe generation with sync pools
- High Throughput - Optimized for production workloads
- Parallel Scaling - 15% faster under concurrent load
π Comprehensive Analysis
- Entropy Calculation - Shannon entropy and bit strength
- Complexity Scoring - 0-100 security rating
- Crack Time Estimation - Real-world attack time estimates
- Weakness Detection - Identifies vulnerabilities and suggests improvements
π Quick Start
π API Reference## π API Reference
Diceware Generation
type DicewareOptions struct {
WordCount int // Number of words (recommended: 6-8)
Separator string // Word separator: "-", " ", ""
Uppercase bool // Randomly uppercase one word
Capitalize bool // Capitalize all words
AddNumbers bool // Add random numbers
AddSymbols bool // Add random symbols
}
// Standard generation
func GenerateDiceware(opts DicewareOptions) (string, error)
// Memory-optimized generation
func GenerateDicewareLowAlloc(opts DicewareOptions, result *strings.Builder) error
// Generation with analysis
func GenerateDicewareWithAnalysis(opts DicewareOptions, result *strings.Builder) (*PasswordAnalysis, error)
CSPRNG Generation
// Standard CSPRNG password
func GenerateCSPRNG(length int) (string, error)
// Memory-optimized CSPRNG
func GenerateCSPRNGLowAlloc(length int, result *strings.Builder) error
// CSPRNG with analysis
func GenerateCSPRNGWithAnalysis(length int, result *strings.Builder) (*PasswordAnalysis, error)
Password Analysis
type ComplexityScore struct {
Score int `json:"score"` // 0-100 strength rating
Entropy float64 `json:"entropy_bits"` // Shannon entropy
Strength string `json:"strength"` // Human-readable strength
CrackTime string `json:"crack_time"` // Estimated crack time
Weaknesses []string `json:"weaknesses"` // Identified vulnerabilities
Suggestions []string `json:"suggestions"` // Security improvements
CharacterTypes int `json:"character_types"` // Character variety count
PatternScore int `json:"pattern_score"` // Pattern analysis score
}
func AnalyzePassword(password string) ComplexityScore
π― Usage Examples
Enterprise Diceware Passphrase
import entropyforge "github.com/muzzii255/entropy-forge"
opts := entropyforge.DicewareOptions{
WordCount: 8, // High security
Separator: "-", // Standard separator
Capitalize: true, // Title case
AddNumbers: true, // Numeric component
AddSymbols: false, // Avoid symbols for compatibility
}
password, _ := entropyforge.GenerateDiceware(opts)
// Result: "Corporate-Finance-Security-Protocol-Database-Network-Server-Gateway-847291"
High-Performance Generation
import (
"strings"
entropyforge "github.com/muzzii255/entropy-forge"
)
var builder strings.Builder
passwords := make([]string, 1000)
// Memory-optimized batch generation
for i := 0; i < 1000; i++ {
entropyforge.GenerateDicewareLowAlloc(opts, &builder)
passwords[i] = builder.String()
builder.Reset()
}
Security Analysis Workflow
import entropyforge "github.com/muzzii255/entropy-forge"
analysis, err := entropyforge.GenerateDicewareWithAnalysis(opts, &builder)
if err != nil {
return err
}
// Check if password meets requirements
if analysis.Complexity.Score < 75 {
fmt.Printf("Warning: Password strength is %s\n", analysis.Complexity.Strength)
fmt.Printf("Weaknesses: %v\n", analysis.Complexity.Weaknesses)
fmt.Printf("Suggestions: %v\n", analysis.Complexity.Suggestions)
}
// Log security metrics
log.Printf("Generated password: entropy=%.1f bits, score=%d, crack_time=%s",
analysis.Complexity.Entropy,
analysis.Complexity.Score,
analysis.Complexity.CrackTime)
π Benchmarks
Performance results on AMD Ryzen 7 5800X:
BenchmarkGenerateDiceware-16 192,172 6,019 ns/op 3,603 B/op 135 allocs/op
BenchmarkGenerateDicewareLowAlloc-16 226,718 5,401 ns/op 3,235 B/op 118 allocs/op
BenchmarkGenerateCsprng-16 273,978 4,446 ns/op 1,600 B/op 98 allocs/op
BenchmarkGenerateCsprngLowAlloc-16 257,148 4,288 ns/op 1,592 B/op 99 allocs/op
BenchmarkPasswordAnalysis-16 516,837 2,114 ns/op 1,064 B/op 9 allocs/op
BenchmarkGenerateDicewareParallel-16 1,000,000 1,034 ns/op
BenchmarkGenerateDicewareLowAllocParallel-16 1,373,158 884 ns/op
Key Performance Improvements:
- β 10% faster generation with low-allocation variants
- β 13% fewer memory allocations
- β 15% better parallel performance
- β Sub-microsecond analysis for real-time feedback
Run benchmarks yourself:
go test -bench=. -benchmem
π Security Features
Cryptographic Strength
- CSPRNG Foundation - All randomness sourced from
crypto/rand - No Predictable Patterns - Immune to statistical analysis
- Forward Secrecy - Past outputs don't compromise future generation
- Timing Attack Resistant - Constant-time operations where applicable
Entropy Analysis
// Diceware: log2(7776^6) β 77.5 bits
// CSPRNG: log2(94^24) β 157.8 bits
fmt.Printf("Entropy: %.1f bits\n", analysis.Complexity.Entropy)
Pattern Detection
- Keyboard Patterns - Detects qwerty, asdf sequences
- Dictionary Words - Identifies common passwords
- Character Repetition - Flags excessive repetition
- Sequential Characters - Catches abc, 123 patterns
π οΈ Installation
go get github.com/muzzii255/entropy-forge@latest
Requirements:
- Go 1.24.2 or later
golang.org/x/textfor Unicode text processing
π² Diceware Implementation
Entropy Forge implements the EFF Large Wordlist standard:
- 7,776 unique words (6^5 combinations)
- True dice simulation using crypto/rand
- NIST-compliant entropy calculation
- Multiple wordlist support (planned: international languages)
Entropy Calculation
Diceware: log2(7776) Γ word_count = 12.92 Γ 6 β 77.5 bits
CSPRNG: log2(charset_size) Γ length = log2(94) Γ 24 β 157.8 bits
π Password Strength Scale
| Score | Strength | Crack Time | Use Case |
|---|---|---|---|
| 90-100 | Very Strong | Centuries | High-value targets |
| 75-89 | Strong | Years | Enterprise accounts |
| 60-74 | Good | Months | Standard accounts |
| 40-59 | Fair | Days | Minimum acceptable |
| 20-39 | Weak | Hours | Needs improvement |
| 0-19 | Very Weak | Minutes | Unacceptable |
π License
MIT License - see LICENSE file for details.
π Why Entropy Forge?
For Developers
- Production-ready with comprehensive testing
- Memory-efficient for high-throughput applications
- Well-documented with clear examples
- Benchmark-driven development approach
For Security Teams
- Cryptographically sound algorithms
- Transparent implementation - no black boxes
- Compliance-ready for enterprise requirements
- Real-time analysis for policy enforcement
For DevOps
- Concurrent-safe for microservice architectures
- Low-allocation design reduces GC pressure
- Predictable performance under load
- Easy integration with existing Go services
Built with β€οΈ for the Go community
Entropy Forge: Where security meets performance
Documentation
ΒΆ
Index ΒΆ
Constants ΒΆ
This section is empty.
Variables ΒΆ
This section is empty.
Functions ΒΆ
func Diceware ΒΆ
func Diceware(opts DicewareOptions) (string, error)
func DicewareLowAlloc ΒΆ
func DicewareLowAlloc(opts DicewareOptions, result *strings.Builder) error
Types ΒΆ
type ComplexityScore ΒΆ
type ComplexityScore struct {
Score int `json:"score"` // 0-100
Entropy float64 `json:"entropy_bits"`
Strength string `json:"strength"` // "Very Weak", "Weak", "Fair", "Good", "Strong", "Very Strong"
CrackTime string `json:"crack_time"` // "2.3 years", "centuries"
Weaknesses []string `json:"weaknesses"`
Suggestions []string `json:"suggestions"`
CharacterTypes int `json:"character_types"` // Number of different char types used
PatternScore int `json:"pattern_score"` // Detection of common patterns
}
func AnalyzePassword ΒΆ
func AnalyzePassword(password string) ComplexityScore
type DicewareOptions ΒΆ
type PasswordAnalysis ΒΆ
type PasswordAnalysis struct {
Password string `json:"password"`
Length int `json:"length"`
Complexity ComplexityScore `json:"complexity"`
Generated string `json:"generated_at"`
}
func CsprngAnalysis ΒΆ
func CsprngAnalysis(length int, result *strings.Builder) (*PasswordAnalysis, error)
func DicewareAnalysis ΒΆ
func DicewareAnalysis(opts DicewareOptions, result *strings.Builder) (*PasswordAnalysis, error)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.