Generating Random Passwords
There's always System.Web.Security.Membership.GeneratePassword(int length, int numberOfNonAlphanumericCharacters
).
Generating a random password in php
Security warning:
rand()
is not a cryptographically secure pseudorandom number generator. Look elsewhere for generating a cryptographically secure pseudorandom string in PHP.
Try this (use strlen
instead of count
, because count
on a string is always 1
):
function randomPassword() {
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass); //turn the array into a string
}
Demo
How do you generate passwords?
Mac OS X's "Keychain Access" application gives you access to the nice OS X password generator. Hit command-N and click the key icon. You get to choose password style (memorable, numeric, alphanumeric, random, FIPS-181) and choose the length. It also warns you about weak passwords.
Random password generation with conditions
1) randomly generate number L which will be the exact length of your password. Namely, generate is so that it is greater than 8
2) randomly generate a number LL which will be the number of lowercase letters. LC must be in range [1..L-2]
3) randomly generate number LU for uppercase. Must be in range [1..L-LL-1]
4) LD = L-LL-LU number of uppercase digits
5) randomly generate LL lowercase letters, LU uppercase letters, and LD digits and keep them in a list(array)
6) Shuffle the array randomly
hth
javascript password generator
I would probably use something like this:
function generatePassword() {
var length = 8,
charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
retVal = "";
for (var i = 0, n = charset.length; i < length; ++i) {
retVal += charset.charAt(Math.floor(Math.random() * n));
}
return retVal;
}
That can then be extended to have the length and charset passed by a parameter.
How to make a random password generator with at least one capital letter, lowercase letter, special character and number everytime in php
I created this basic code:
$digits = array_flip(range('0', '9'));
$lowercase = array_flip(range('a', 'z'));
$uppercase = array_flip(range('A', 'Z'));
$special = array_flip(str_split('!@#$%^&*()_+=-}{[}]\|;:<>?/'));
$combined = array_merge($digits, $lowercase, $uppercase, $special);
$password = str_shuffle(array_rand($digits) .
array_rand($lowercase) .
array_rand($uppercase) .
array_rand($special) .
implode(array_rand($combined, rand(4, 8))));
echo $password;
First I create arrays, of which the keys are what the variable names describes. This might seems somewhat strange, but this is done because array_rand()
returns random keys, not random values.
By explicitly defining the different types of characters you could remove some nasty ones. For instance, it can be hard to distinguish between I
, 1
, |
and l
or O
and 0
, depending on your font. You might want to remove those. You are also able to define your own set of special characters.
I then guarantee that at least one capital letter, one lowercase letter, one special character and one number is present by explicitly declaring so.
Finally I add a part of random characters of random length and shuffle the whole string.
A note: Choosing passwords for users can be a good idea. Users often find it hard to choose a good password. However, you're going for very difficult to remember, and difficult to enter, passwords. Is that really necessary? For instance, if you ask for an email address in combination with a password, then a 5 digit PIN number would already give 99999 possible passwords. That's a lot. If you only allow an user to try to enter a password wrong 5 times, before the login form gets blocked, then a hacker has only a 0.006% chance of a successful hack by brute force. Those are not good odds. A five digit password is much easier to work with for an user. The strength of the password should be proportional to that what it protects and other risk factors. You might be using passwords with a 0.00000000001% chance of a successful hack, but if the chance that an user gives the password "willingly" to a hacker, for instance through social hacking, is 0.0001% then there's little point to such a secure password.
Generate random password string with requirements in javascript
Forcing a fixed number of characters is a bad idea. It doesn't improve the quality of the password. Worse, it reduces the number of possible passwords, so that hacking by bruteforcing becomes easier.
To generate a random word consisting of alphanumeric characters, use:
var randomstring = Math.random().toString(36).slice(-8);
How does it work?
Math.random() // Generate random number, eg: 0.123456
.toString(36) // Convert to base-36 : "0.4fzyo82mvyr"
.slice(-8);// Cut off last 8 characters : "yo82mvyr"
Documentation for the Number.prototype.toString
and string.prototype.slice
methods.
Related Topics
Token Based Authentication in ASP.NET Core
Calling Unix and Linux Shared Object File .So from C#
Using .Net 4.5 Async Feature for Socket Programming
Why Are Unsigned Int's Not Cls Compliant
Better Way to Check If a Path Is a File or a Directory
Select Multiple Items from a Datagrid in an Mvvm Wpf Project
Write File from Assembly Resource Stream to Disk
C#: Printing All Properties of an Object
ASP.NET MVC Razor Pass Model to Layout
How to Check If a String Contains Any of Some Strings
Benchmarking Small Code Samples in C#, Can This Implementation Be Improved
Filesystemwatcher with Samba on Linux
Close a Messagebox After Several Seconds
Generic Constraints, Where T:Struct and Where T:Class
.Net: Simplest Way to Send Post with Data and Read Response
What Is the Simplest Way to Get Indented Xml with Line Breaks from Xmldocument