About EPG

Extended Password Generator is the tool-at-hand of any system administrator to generate pronounceable and random passwords, secured against brute-force dictionary attacks.

These passwords are getting in the form of easily pronounceable English grammar, therefore they are easy to remember, store, and enter into the computer systems.

This algorithm was initially suggested by National Technical Information Service (NTIS), developed at Federal Information Processing Standard (FIPS) No181 "Automated Password Generator" and modified by me to implement exclude/include scheme.

This algorithm uses pseudo-random generator (PRG) to find characters that form syllables and then pronounceable words. PRG produces random data in accordance with the procedure, described in Appendix C of ANSI X9.17, and uses 3DES as block cipher. Values of seed and key are getting from OS CryptoAPI. That data is cryptographically random and may be used to generate random initialization vectors (IV) and salt values. So, it is no need to seed the random number generator manually.

EPG can also produce random (non-pronounceable) passwords.

Nowadays hackers are equipped with brute-force dictionaries of frequent, human-devised passwords. Running through that lists can help the attackers to find password and break open defence. In EPG each new password can be checked against the Bloom Filter, and if its hash found in the Filter, EPG marks it with '!' or 'X' (depending of what exactly were found in the Filter). BFM (Bloom Filter Manager) is shipped with EPG to help you manage the Bloom Filters. This idea of Bloom Filter was taken from Adel I. Mirzazhanov's APG. Probability of 'false positive' level is selected at 1%, as wishing to maximally decrease size of the Bloom Filter (and size of project itself) while this level stays relatively acceptable.

After all, EPG has also nice GUI with quality meter and context sensitive help with F1. Password list can be printed, exported to HTML or text files or be copied to clipboard.

EPG uses Boost Library. To recompile EPG yourself you need version 1.33.1 of Boost Library properly compiled and installed. Older versions should work too.

Thanx to:

• Adel I. Mirzazhanov for idea of EPG and Bloom Filter;
• Andrzej Markowski for his CCustomBitmapButton class;
• Boost developers;
• Chris Maunder for his excellent GridControl and CSystemTray classes and Iain Clarke for GridCellProgress control;
• Dr.Brian Gladman for his SHA algorithms implementaion;
• Eric Young for his DES ciphers implementation;
• uemakeXp development team for CDlgAnchor class;
• Wei Dai and his Crypto++ Library (and some ideas).

EPG is distributed under GNU General Public License.

EPG - Extended Password Generator
Copyright (C) 2002, 2003, 2004, 2005, 2006 Eugene Podkopaev


This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.


You should have received a copy of the GNU General Public License
along with this program; if not, write to the eugeneugene (at) users (dot) sourceforge (dot) net.