True -- but absent logging, it should be absolutely possible to tell everyone how you generate your passwords without making them less secure.
For example, I get 44 bits of entropy from https://atlas.aylett.co.uk/pw/, purely from the randomness of the words. Knowing that I used that script doesn't help you: there's no point in adding every permutation to a list, there are too many of them.
If you don't know that I used this mechanism then you may be worse off, but I can't assume I'm better off.
And obviously I'm happy using my own generator, but the reason I wrote it was because I didn't want to have to trust someone else's :).
For example, I get 44 bits of entropy from https://atlas.aylett.co.uk/pw/, purely from the randomness of the words. Knowing that I used that script doesn't help you: there's no point in adding every permutation to a list, there are too many of them.
If you don't know that I used this mechanism then you may be worse off, but I can't assume I'm better off.
And obviously I'm happy using my own generator, but the reason I wrote it was because I didn't want to have to trust someone else's :).