[ Merci-Libre ]

GenPass-RS

Check out the source code here.

Overview

A CLI tool for generating extremely strong passwords using random number generation. Designed for backend or personal use. Rewritten in Rust for increased memory safety and ease of development. Read the blog post here.

Approach

A rewrite of the original Genpass-CLI tool in Rust. It allows for the generation of special characters, adds a cleaner look using the CLAP library, and implements steganography through the stegano and steganography libraries.

Efficiency

While it uses a CSPRNG, it is only 1% stronger than the original Gordian Knot algorithm, with a total increase of 4-5% in CPU usage. The benefits of it being written in Rust are the increased memory safety of the program and a totally refactored string generation algorithm.


However, with the ability to generate special characters, it has increased functionality as well as increased password strength. When I was benchmarking Genpass-rs, I discovered it was actually stronger than KeePassXC at generating passwords with the extended ASCII character set.


This only seemed to prove true when the length was <= 127, which extends my curiosity into why a higher char count breaks entropy in genpass-rs.
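The strength comparison above comes down to how many bits of entropy a generator puts into each character. As an added example (not code from GenPass-RS or its stringgeneration.rs), this Rust program draws characters uniformly from an alphabet by rejection sampling and reports the theoretical entropy; the function names, the 94-symbol alphabet and the /dev/urandom source are assumptions.

```rust
use std::fs::File;
use std::io::{self, Read};

/// Theoretical entropy in bits of `len` characters drawn uniformly and
/// independently from an alphabet of `charset_len` distinct symbols.
fn entropy_bits(charset_len: usize, len: usize) -> f64 {
    len as f64 * (charset_len as f64).log2()
}

/// Build a password by rejection sampling single bytes from `rng`.
/// Bytes at or above the largest multiple of the alphabet size are thrown
/// away, so `byte % n` is uniform over the alphabet (no modulo bias).
fn generate<R: Read>(rng: &mut R, charset: &[char], len: usize) -> io::Result<String> {
    let n = charset.len();
    if n == 0 || n > 256 {
        return Err(io::Error::new(
            io::ErrorKind::InvalidInput,
            "charset must hold between 1 and 256 symbols",
        ));
    }
    let limit = 256 - (256 % n); // number of byte values that map evenly onto n
    let mut out = String::with_capacity(len);
    let mut produced = 0;
    let mut byte = [0u8; 1];
    while produced < len {
        rng.read_exact(&mut byte)?; // fails instead of looping if the source runs dry
        let b = byte[0] as usize;
        if b < limit {
            out.push(charset[b % n]);
            produced += 1;
        }
    }
    Ok(out)
}

fn main() -> io::Result<()> {
    // Constructed alphabet: printable ASCII without the space, 94 symbols.
    let charset: Vec<char> = (0x21u8..=0x7e).map(char::from).collect();
    // Assumption: a Unix-like OS that exposes the kernel CSPRNG at /dev/urandom.
    let mut rng = File::open("/dev/urandom")?;
    let pw = generate(&mut rng, &charset, 24)?;
    println!("{}  (~{:.1} bits)", pw, entropy_bits(charset.len(), 24));
    Ok(())
}
```

The entropy figure only holds when every symbol in the alphabet is distinct and each draw is uniform, which is what the rejection step guarantees.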

Modularity

Since genpass-rs is split into modules rather than keeping the whole project inside one file, you can use stringgeneration.rs to bring the functionality of GenPass into whatever project you are working on. The project's GitHub page has more details on function parameters and return types.

Steganographic Features

In February 2025, Genpass-rs 1.1.2 was released. With it came the largest addition:

Password/Secret Messaging Storage through Steganographic Measures.


This allows the user to store any text in .PNG images using the integrated CLI tools that genpass-rs offers. The embedded message or text can optionally be encrypted using the standard AES-128 encryption algorithm, passing for FIPS PUB 140-2: "Sensitive, but unclassified".


While it is non-standard and unconventional to store passwords using AES-128, the 'unconventional' trait is actually a bump in security when combined with the project's steganographic features. An attacker wouldn't care about an image of your dog or your backyard tree, and may simply overlook these images had you stored them on your computer. Hiding this information and shredding the original file from your computer means that an attacker would simply overlook these images altogether, as there doesn't seem to be any valuable information held there.


However, what if an attacker DOES obtain this file? That's where AES-128 comes in, adding a layer of security to the scenario of "what if an attacker gets this?". They would not only need to find this file, but then use genpass-rs or create their own tool to crack the image, leaving time and resources as their limiting factors.