docs update

2022-03-04 01:27:15 -05:00 · 2022-03-04 01:27:15 -05:00 · b5de96c6d0
commit b5de96c6d0
parent 8562241d52
1 changed files with 11 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,14 @@ A password generator written in Golang that offers highly-customizable generated

 ## What it Does Do

+PWGen generates cryptographically-sound (i.e. non-predictable) passwords:
+
+* The character set (or "charset"; the full list of possible characters to use in a password) is predefined at invocation, but the selection of a character in that list is determined by a cryptographically-driven random function (`crypto/rand` rather than simply `math/rand`).
+* The order of characters in this generated password itself is then shuffled using `crypto/rand` as well.
+* This is done for every single password generated.
+
+You can build (`cd cmd/pwgen && go build`) and then run `./pwgen -h` for all invocation options available.
+
 ## What it Doesn't Do
 PWGen does not, and will not, generate "Correct Horse Battery Stapler" passphrases (as demonstrated in [XKCD #936](https://xkcd.com/936/)).

@ -30,6 +38,9 @@ If you need to generate a very large number of passwords, however, there are som
 * Ensure that you stick to pre-defined charsets
  * This means no explicit chars defined and no excluded (disabled) chars defined; the number of those chars can affect generation time
 * Use a fixed length (e.g. `-l 16 -L 16`)
+* Do not use minimum charset requirements
+
+Sticking to these tips changes the generation time for me on my hardware from around 1 minute to about 1 second for 1 million passwords generated on my hardware. YMMV, of course, but you will absolutely see an exponential difference in speed by sticking to the above constraints.

 ## Other Tips