How a job interview led me to create Obscura - A password generator with real entropy

Introduction
During a recent interview for a Security Software Engineer position, I was given a challenge: create a secure password generator that takes into account real entropy. The interviewer wanted to see how I would approach the problem, and I was excited to take on the challenge.
At first, I thought it would be a simple task. I had used password generators before (with Math.Random stuff), and I assumed it would be easy to create one that was secure. But the conversation quickly steered away from superficial implementations and into a deeper, often overlooked topic: entropy—and how most so-called generators don't handle it properly.
The challenge
The interviewer insisted on entropy being measurable, adjustable, and predictable based on user choice. He wasn't looking for a simple tool that just throws random characters together; he wanted a password generator that would:
- quantify the information entropy of the generated password,
- adapt based on character pool constraints (like avoiding duplicates or special characters),
- prevent common patterns and sequences (e.g., "123" or "qwerty" or "abc"),
- and still generate passwords that are straightforward to use and robust against brute-force attacks.
That got me thinking about how most password generators out there are just glorified random character generators.
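The four requirements above can be sketched in a few functions. This is an added example, not Obscura's code or the author's implementation; the function names, the symbol set and the keyboard-row list are assumptions made for illustration, and it targets Node.js.

```javascript
// Added illustration (hypothetical names; not Obscura's code). Requires Node.js.
const { randomInt } = require("node:crypto"); // CSPRNG-backed, unlike Math.random

const POOLS = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!@#$%^&*-_=+", // assumed symbol set
};
const KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]; // constructed sample list

// Entropy in bits of `length` uniform draws from a pool of n characters.
// With repeats: length * log2(n). Without: log2(n * (n-1) * ... * (n-length+1)).
function entropyBits(n, length, allowRepeats) {
  if (allowRepeats) return length * Math.log2(n);
  if (length > n) throw new RangeError("length exceeds pool size when repeats are off");
  let bits = 0;
  for (let i = 0; i < length; i++) bits += Math.log2(n - i);
  return bits;
}

// True if any 3-character window is a run of adjacent code points ("abc", "321")
// or a slice of a keyboard row ("qwe"), compared case-insensitively.
function hasSequence(s) {
  const t = s.toLowerCase();
  for (let i = 0; i + 2 < t.length; i++) {
    const d1 = t.charCodeAt(i + 1) - t.charCodeAt(i);
    const d2 = t.charCodeAt(i + 2) - t.charCodeAt(i + 1);
    if (d1 === d2 && Math.abs(d1) === 1) return true;
    if (KEYBOARD_RUNS.some((row) => row.includes(t.slice(i, i + 3)))) return true;
  }
  return false;
}

function generate({ length, classes, allowRepeats = true }) {
  const pool = [...new Set(classes.map((c) => POOLS[c]).join(""))];
  // Rejected candidates shrink the space slightly, so this figure is an upper bound.
  const bits = entropyBits(pool.length, length, allowRepeats);
  for (;;) {
    const avail = [...pool];
    let password = "";
    for (let i = 0; i < length; i++) {
      const j = randomInt(avail.length); // uniform index, no modulo bias
      password += avail[j];
      if (!allowRepeats) avail.splice(j, 1); // drawn character leaves the pool
    }
    if (!hasSequence(password)) return { password, entropyUpperBound: bits };
  }
}
```

Turning off repeats lowers the figure (12 characters from a 36-character pool give about 62.0 bits with repeats and about 60.7 without), which is the kind of user-choice effect the interviewer wanted to be measurable.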
My thought process: understanding entropy
I started by asking him about the definition of entropy in the context of password generation.
He explained that entropy is a measure of uncertainty or randomness in a system. In the case of passwords, it refers to the unpredictability of the password itself.
The more unpredictable a password is, the higher its entropy, and the more secure it is against brute-force attacks. (I said to myself: come on man, you were supposed to make me understand the concept, not complicate it