Generating Random Passwords

Generating Random Passwords

There's always System.Web.Security.Membership.GeneratePassword(int length, int numberOfNonAlphanumericCharacters).

Generating a random password in php

Security warning: rand() is not a cryptographically secure pseudorandom number generator. Look elsewhere for generating a cryptographically secure pseudorandom string in PHP.

Try this (use strlen instead of count, because count on a string is always 1):

function randomPassword() {
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass); //turn the array into a string
}

Demo

How do you generate passwords?

Mac OS X's "Keychain Access" application gives you access to the nice OS X password generator. Hit command-N and click the key icon. You get to choose password style (memorable, numeric, alphanumeric, random, FIPS-181) and choose the length. It also warns you about weak passwords.

Random password generation with conditions

1) randomly generate number L which will be the exact length of your password. Namely, generate is so that it is greater than 8

2) randomly generate a number LL which will be the number of lowercase letters. LC must be in range [1..L-2]

3) randomly generate number LU for uppercase. Must be in range [1..L-LL-1]

4) LD = L-LL-LU number of uppercase digits

5) randomly generate LL lowercase letters, LU uppercase letters, and LD digits and keep them in a list(array)

6) Shuffle the array randomly

hth

javascript password generator

I would probably use something like this:

function generatePassword() {
var length = 8,
charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
retVal = "";
for (var i = 0, n = charset.length; i < length; ++i) {
retVal += charset.charAt(Math.floor(Math.random() * n));
}
return retVal;
}

That can then be extended to have the length and charset passed by a parameter.

How to make a random password generator with at least one capital letter, lowercase letter, special character and number everytime in php

I created this basic code:

$digits    = array_flip(range('0', '9'));
$lowercase = array_flip(range('a', 'z'));
$uppercase = array_flip(range('A', 'Z'));
$special = array_flip(str_split('!@#$%^&*()_+=-}{[}]\|;:<>?/'));
$combined = array_merge($digits, $lowercase, $uppercase, $special);

$password = str_shuffle(array_rand($digits) .
array_rand($lowercase) .
array_rand($uppercase) .
array_rand($special) .
implode(array_rand($combined, rand(4, 8))));

echo $password;

First I create arrays, of which the keys are what the variable names describes. This might seems somewhat strange, but this is done because array_rand() returns random keys, not random values.

By explicitly defining the different types of characters you could remove some nasty ones. For instance, it can be hard to distinguish between I, 1, | and l or O and 0, depending on your font. You might want to remove those. You are also able to define your own set of special characters.

I then guarantee that at least one capital letter, one lowercase letter, one special character and one number is present by explicitly declaring so.

Finally I add a part of random characters of random length and shuffle the whole string.

A note: Choosing passwords for users can be a good idea. Users often find it hard to choose a good password. However, you're going for very difficult to remember, and difficult to enter, passwords. Is that really necessary? For instance, if you ask for an email address in combination with a password, then a 5 digit PIN number would already give 99999 possible passwords. That's a lot. If you only allow an user to try to enter a password wrong 5 times, before the login form gets blocked, then a hacker has only a 0.006% chance of a successful hack by brute force. Those are not good odds. A five digit password is much easier to work with for an user. The strength of the password should be proportional to that what it protects and other risk factors. You might be using passwords with a 0.00000000001% chance of a successful hack, but if the chance that an user gives the password "willingly" to a hacker, for instance through social hacking, is 0.0001% then there's little point to such a secure password.

Generate random password string with requirements in javascript

Forcing a fixed number of characters is a bad idea. It doesn't improve the quality of the password. Worse, it reduces the number of possible passwords, so that hacking by bruteforcing becomes easier.

To generate a random word consisting of alphanumeric characters, use:

var randomstring = Math.random().toString(36).slice(-8);

How does it work?

Math.random()                        // Generate random number, eg: 0.123456
.toString(36) // Convert to base-36 : "0.4fzyo82mvyr"
.slice(-8);// Cut off last 8 characters : "yo82mvyr"

Documentation for the Number.prototype.toString and string.prototype.slice methods.



Related Topics



Leave a reply



Submit