I like the password generator and virtual dice roller on https://www.random.org, but I guess it requires one to trust their claims that they are getting numbers from atmospheric noise and not a PRNG secretly.
More importantly, that's over the network so you have to trust the site to not log what it gives back, every CA to not have issued a false cert for them (allowing them to be trivially MITMd), and all software that runs on your computer to boot.
The "PRNG" vs "Real RNG" boogeyman scare is such a load of horseshit.
The whole point of modern PRNGs is that they're good enough computers can't detect patterns. I assure you that you're gaining zero security by using random.org vs openssl rand... and in fact, you're losing massive amounts of security because it's going over the network.
Minor nitpick: you should replace "PRNG" with "cryptographically secure PRNG". Not all PRNG methods are aiming for the standard of "computers can't detect patterns", for example the common Mersenne Twister PRNG would not be a good choice to generate crypto keys or passwords.
You're right that using an internet service like that to generate passwords is insane, and there is no need for some fancy custom RNG hardware just to generate some keys/passwords.
Tinfoil hat time: if your password manager uses a bad generation scheme or backdoored RNG like Dual EC, then its passwords might be much easier to crack than they would appear.
I know you covered yourself with the tinfoil disclaimer, but Ima take you seriously here for a thought experiment...
I wonder if that's actually a risk? At least for people not being individually targeted?
A random Elbonian hacker who gets a dump of 117 million password hashes has (at least) three approaches she can take to make use of it - she can run oclHashcat or JtR using a good wordlist (say, Hashkiller or phpbb) and a reasonable ruleset to tweak them, which'll fairly quickly reveal common, reused, or guessable passwords in hours/days/weeks - or she can set it to enumerate through an entire $howeverymany bit password space, which is guaranteed to find all the passwords but not before the heat death of the universe... Or she could try only the selections out of that random keyspace that a flawed version of FooPasswordSafe is capable of generating. I'm not sure how long the last approach would take, but it'd have to be both a pretty flawed PRNG and a very widely used password safe for it to come anywhere near as useful as approach 1.
(If she's only cracking the hash for the sbeirwagen@gmail.com record, things are somewhat different to if she's just trying to find _any_ "useable" passwords out of 117 million... And if she _knows_ sbeirwagen uses DudPasswordSafe.exe, it's likely she knows better ways of attempting to acquire your password than hoping to crack it from publicly released credential dumps...)
