v3.0.0 - Cryptographic rewrite with async, DI, presets and passphrases

Release v3.0.0 - cryptographic rewrite with async, DI, presets and passphrases

BREAKING CHANGES

• Invalid settings now throw ArgumentException from Next() instead of
  returning an error string. Use TryNext(out var password) for a
  non-throwing alternative.
• Minimum runtime raised to .NET 8 (net8.0 + net10.0). netstandard2.0
  is dropped. Consumers on .NET Framework or older runtimes should stay
  on the 2.x line.

SECURITY / CORRECTNESS

• Replaced System.Random with CryptoRandomSource backed by
  RandomNumberGenerator.GetInt32 — unbiased sampling, no modulo bias.
• Replaced GUID-based shuffle with a Fisher–Yates shuffle.
• Empty special-character sets are now validated rather than silently
  weakening output.

ADDED

• Async APIs: NextAsync, GenerateAsync.
• Dependency injection: AddPasswordGenerator(...) with fluent code
  configuration and appsettings.json binding via IConfiguration.
• Presets: ForOwasp, ForNist, ForOtp, ForApiKey, ForEnvironmentName,
  ForPassphrase, ForPassphraseWithEntropy, ForMemorable.
• Passphrases now use the EFF Large Wordlist (7,776 words, ~12.9 bits/
  word); a 6-word phrase is ~77 bits. Optional symbol injection for
  policies that require a special character. Optional null separator to
  concatenate words without a delimiter.
• Entropy estimation: EstimateEntropyBits() on IPasswordGenerator.
• Custom pools: WithCharacters(string), WithAllAscii().
• Quality controls: ExcludeAmbiguous(), RequireAtLeast(CharacterClass, n).
• Batch API: Generate(count) and parameterless Generate() driven by
  PasswordOptions.DefaultBatchCount.

PACKAGING

• PackageIcon, PackageReadmeFile, SourceLink, deterministic build,
  .snupkg symbol package.
• NuGet dependencies: Microsoft.Extensions.DependencyInjection.Abstractions
  and Microsoft.Extensions.Configuration.Binder (both 10.0.8).

COMPATIBILITY

The v2 public surface (Next, NextGroup, constructors, IncludeX,
LengthRequired) is unchanged and continues to work, except for the
error-handling breaking change above. See docs/migration-v2-to-v3.md.

v3.0.0-beta02

Full Changelog: v3.0.0-beta01...v3.0.0-beta02

v3.0.0-beta01

v3.0.0-beta01

A major release focused on cryptographic correctness, a modern API, and broader use cases. See the v2 → v3 migration guide.

🔒 Security & correctness fixes

• Passwords are now generated with unbiased cryptographic randomness using RandomNumberGenerator.GetInt32 (removes modulo bias)
• Replaced the GUID-based shuffle with a proper Fisher–Yates shuffle
• Fixed an off-by-one in length handling
• Empty special-character sets are now validated rather than silently producing weaker output

✨ New features

• Passphrases now use the EFF Large Wordlist (7,776 words) — a 6-word phrase is ~77 bits of entropy
• Entropy targeting: ForPassphraseWithEntropy(bits) derives word count to meet a target; minimumEntropyBits enforces a floor
• Symbol injection: ForPassphrase(..., includeSymbol: true) satisfies "must contain a symbol" policies without sacrificing memorability
• Presets: ForOwasp, ForNist, ForOtp, ForApiKey, ForPassphrase, ForMemorable
• Async APIs: NextAsync, GenerateAsync
• Batch generation: Generate(count)
• Dependency injection: AddPasswordGenerator(...) with code and appsettings.json binding
• Builder methods: WithCharacters, WithAllAscii, ExcludeAmbiguous, RequireAtLeast
• Entropy estimation: EstimateEntropyBits() is now part of the IPasswordGenerator interface

⚠️ Breaking changes

• Invalid settings now throw ArgumentException from Next() instead of returning an error message as the password. Use TryNext(out var password) for a non-throwing path.
• Minimum runtime is now .NET 8. Targets net8.0 and net10.0; netstandard2.0 has been dropped. Consumers on .NET Framework or older runtimes should stay on the 2.x line.

Full Changelog: 2.1.0...v3.0.0-beta01

2.1.0

This is the code used for the NuGet 2.1.0 package