From 6d386708fdf55aec6ef8eaf6be6a4d8bbbf91a0a Mon Sep 17 00:00:00 2001
From: Jeff Burdges <burdges@gnunet.org>
Date: Mon, 9 Mar 2020 15:27:47 +0100
Subject: [PATCH 1/3] Remarks on passwrod generation

I suppose the code should go elsewhere.
---
 src/distributions/other.rs | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/src/distributions/other.rs b/src/distributions/other.rs
index 32cc470d1eb..f9279e7ce80 100644
--- a/src/distributions/other.rs
+++ b/src/distributions/other.rs
@@ -36,6 +36,37 @@ use serde::{Serialize, Deserialize};
 ///         .collect();
 /// println!("Random chars: {}", chars);
 /// ```
+///
+/// # Passwords
+///
+/// We caution that strings produced by sampling `Alphanumeric` tend not
+/// to be particularly memorable when used as passwords by humans.  
+/// Instead, we suggest that human memorable passwords be created by
+/// drawing words independently and uniformly at random from a large wordlist. 
+///
+/// Each random word contributes `log2(wordlist_length)` bits of entropy.
+///
+/// Among the widely reviewed wordlists, there are [Diceware](https://en.wikipedia.org/wiki/Diceware)
+/// wordlists for many major langauges, including some from security
+/// organizations like the E.F.F., and many of which further facilitate
+/// memorability by avoiding homophones and words with tricky spelling.
+///
+/// There exists [several crates](https://crates.io/search?q=diceware) for
+/// this but `rand::seq::SliceRandom::choose` works too:
+/// ```
+/// # use rand::Rng;
+/// #[allow(dead_code)]
+/// pub fn make_password<R: Rng>(wordlist: &[impl ::core::borrow::Borrow<str>], entropy: u32, rng: &mut R) -> String {
+///     use rand::seq::SliceRandom;
+///     use core::convert::TryInto;
+///     let entropy: f64 = entropy.into();
+///     let l: u32 = wordlist.len().try_into().unwrap();
+///     assert!( l > 0 );
+///     let l: f64 = l.into();
+///     let l = (entropy / l.log2()).ceil() as usize;
+///     (0..l).map(|_| wordlist.choose(rng).unwrap().borrow() ).collect::<String>()
+/// }
+/// ```
 #[derive(Debug)]
 #[cfg_attr(feature = "serde1", derive(Serialize, Deserialize))]
 pub struct Alphanumeric;

From 1ad1e1931237d75dd5b146d69ff787314ea436e7 Mon Sep 17 00:00:00 2001
From: Diggory Hardy <git@dhardy.name>
Date: Tue, 7 Jul 2020 09:14:42 +0100
Subject: [PATCH 2/3] Condense advice on password generation

---
 src/distributions/other.rs | 36 ++++++++++--------------------------
 1 file changed, 10 insertions(+), 26 deletions(-)

diff --git a/src/distributions/other.rs b/src/distributions/other.rs
index f9279e7ce80..787c81e4560 100644
--- a/src/distributions/other.rs
+++ b/src/distributions/other.rs
@@ -39,34 +39,18 @@ use serde::{Serialize, Deserialize};
 ///
 /// # Passwords
 ///
-/// We caution that strings produced by sampling `Alphanumeric` tend not
-/// to be particularly memorable when used as passwords by humans.  
-/// Instead, we suggest that human memorable passwords be created by
-/// drawing words independently and uniformly at random from a large wordlist. 
+/// Users sometimes ask whether it is safe to use a string of random characters
+/// as a password. `Alphanumeric` generates from an alphabet of 62 symbols, thus
+/// each character can provide `log2(62) = 5.95...` bits of entropy. We suggest
+/// consulting external sources for more. One may start with the
+/// [Wikipedia article on Password Strength](https://en.wikipedia.org/wiki/Password_strength).
 ///
+/// We caution that strings produced by sampling `Alphanumeric` tend not
+/// to be particularly memorable when used as passwords by humans.
+/// Drawing words from a specially-curated word-list such as
+/// [Diceware](https://en.wikipedia.org/wiki/Diceware) may be a better option
+/// for memorable passwords.
 /// Each random word contributes `log2(wordlist_length)` bits of entropy.
-///
-/// Among the widely reviewed wordlists, there are [Diceware](https://en.wikipedia.org/wiki/Diceware)
-/// wordlists for many major langauges, including some from security
-/// organizations like the E.F.F., and many of which further facilitate
-/// memorability by avoiding homophones and words with tricky spelling.
-///
-/// There exists [several crates](https://crates.io/search?q=diceware) for
-/// this but `rand::seq::SliceRandom::choose` works too:
-/// ```
-/// # use rand::Rng;
-/// #[allow(dead_code)]
-/// pub fn make_password<R: Rng>(wordlist: &[impl ::core::borrow::Borrow<str>], entropy: u32, rng: &mut R) -> String {
-///     use rand::seq::SliceRandom;
-///     use core::convert::TryInto;
-///     let entropy: f64 = entropy.into();
-///     let l: u32 = wordlist.len().try_into().unwrap();
-///     assert!( l > 0 );
-///     let l: f64 = l.into();
-///     let l = (entropy / l.log2()).ceil() as usize;
-///     (0..l).map(|_| wordlist.choose(rng).unwrap().borrow() ).collect::<String>()
-/// }
-/// ```
 #[derive(Debug)]
 #[cfg_attr(feature = "serde1", derive(Serialize, Deserialize))]
 pub struct Alphanumeric;

From 880254d6666afab3143dfca9b9bf2912d4e412e6 Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Sat, 1 Aug 2020 18:01:22 +0200
Subject: [PATCH 3/3] Avoid to give advice on password generation

---
 src/distributions/other.rs | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/distributions/other.rs b/src/distributions/other.rs
index 787c81e4560..46d3c57c922 100644
--- a/src/distributions/other.rs
+++ b/src/distributions/other.rs
@@ -40,17 +40,19 @@ use serde::{Serialize, Deserialize};
 /// # Passwords
 ///
 /// Users sometimes ask whether it is safe to use a string of random characters
-/// as a password. `Alphanumeric` generates from an alphabet of 62 symbols, thus
-/// each character can provide `log2(62) = 5.95...` bits of entropy. We suggest
-/// consulting external sources for more. One may start with the
-/// [Wikipedia article on Password Strength](https://en.wikipedia.org/wiki/Password_strength).
+/// as a password. In principle, all RNGs in Rand implementing `CryptoRng` are
+/// suitable as a source of randomness for generating passwords (if they are
+/// properly seeded), but it is more conservative to only use randomness
+/// directly from the operating system via the `getrandom` crate, or the
+/// corresponding bindings of a crypto library.
 ///
-/// We caution that strings produced by sampling `Alphanumeric` tend not
-/// to be particularly memorable when used as passwords by humans.
-/// Drawing words from a specially-curated word-list such as
-/// [Diceware](https://en.wikipedia.org/wiki/Diceware) may be a better option
-/// for memorable passwords.
-/// Each random word contributes `log2(wordlist_length)` bits of entropy.
+/// When generating passwords or keys, it is important to consider the threat
+/// model and in some cases the memorability of the password. This is out of
+/// scope of the Rand project, and therefore we defer to the following
+/// references:
+///
+/// - [Wikipedia article on Password Strength](https://en.wikipedia.org/wiki/Password_strength)
+/// - [Diceware for generating memorable passwords](https://en.wikipedia.org/wiki/Diceware)
 #[derive(Debug)]
 #[cfg_attr(feature = "serde1", derive(Serialize, Deserialize))]
 pub struct Alphanumeric;