Function: Using the Diceware
method for strong passphrase generation, this workflow generates a 10
word passphrase from the Diceware
word list. The passphrase is inserted into your Keychain and
copied to the clipboard.
Author: Garry Myers
Update 1.1
Added CocoaDialog dialog for user to enter account name associated with the password; the dialog includes a default answer of your OSX short username. The selected account name is entered into the Keychain with the password.
Replaced the Applescript dialog notification for successful pasword generation with a Growl notification to reduce user interaction with windows.
Requires: CocoaDialog installed in /Applications and the Growl Automator action.
Notes: For those who use OpenPGP, Hushmail and other similar encryption tools, a strong passphrase is critical for security. The Diceware method is a very secure way of generating such passphrases with high entropy. The default passphrase in this workflow is 10 words, which gives a passphrase that matches the 128 bit security of Hushmail and OpenPGP.
The über-paranoid will not want to use this workflow as it is based on
the Perl implementation of rand() – thus the selection of words from
the word list is not totally random. Also, the copy to the clipboard
step is for convenience and is not a secure way of handling
passphrases – folks may want to delete the line:
from the Run Shell Script action in Step 2 if this is an
issue [1].echo $pwd |
pbcopy
However, for most real world purposes, this workflow is more than adequate and has the advantage of directly inserting the passphrase into your Keychain, rather than writing it down anywhere.
[1] If you edit this in Automator, ensure that in Step 1, the shell is
set to /usr/bin/perl
…there is a bug in Automator that causes the Run
Shell Script action to default to /bin/bash
when re-opening the
workflow regardless of what was set at last save.