Python random module should probably not be used for password generator
Python docs for random http://docs.python.org/library/random.html say that:
The Mersenne Twister is one of the most extensively tested random number generators in existence. However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes.
To me, this means that it's probably not a good idea to be using random.choice() and random.shuffle() as the only source of randomness in src/lib/util.py:generate_password(), since the passwords are potentially vulnerable to an informed attacker.
os.urandom() is the best bet, I think. It's already used for encrypting the file, are there any reasons why it shouldn't be used for generating secure passwords as well?