Password managers are important tools that enable us to use stronger passwords, freeing us from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust password managers. In this paper, we focus on a feature that most password managers offer that might impact the user's trust, which is the process of generating a random password. We survey which algorithms are most commonly used and we propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt as our framework to both specify the reference implementation and to prove its functional correctness and security.

中文翻译：

---

对密码管理器中使用的密码生成算法进行正式验证

密码管理器是重要的工具，使我们能够使用更强的密码，让我们摆脱记住密码的认知负担。尽管如此，仍有许多用户不完全信任密码管理器。在本文中，我们关注大多数密码管理器提供的可能影响用户信任的功能，即生成随机密码的过程。我们调查了最常用的算法，并为密码生成算法的正式验证参考实现提出了解决方案。我们使用 EasyCrypt 作为我们的框架来指定参考实现并证明其功能正确性和安全性。