Random password generation for apps?

[Fangbeast]

Has anyone written a random password generator for their apps before I laughingly attempt one myself?

Also, can the password style on a string gadget be set and unset on the fly?

A friend of mine asked for this and I thought that I may as well.

[Sicro]

You can use this code from me:

Code: Select all

Procedure$ GeneratePassword(allowedChars$, passwordLength)
  Protected i, countOfAllowedChars, result$
  
  If OpenCryptRandom() = #False
    ProcedureReturn "ERROR"
  EndIf
  
  countOfAllowedChars = Len(allowedChars$)
  
  For i = 1 To passwordLength
    result$ + Mid(allowedChars$, CryptRandom(countOfAllowedChars-1)+1, 1)
  Next
  
  CloseCryptRandom()
  
  ProcedureReturn result$
EndProcedure

Define allowedChars$

For i = 'A' To 'Z' : allowedChars$ + Chr(i) : Next
For i = 'a' To 'z' : allowedChars$ + Chr(i) : Next
For i = '0' To '9' : allowedChars$ + Chr(i) : Next

Debug GeneratePassword(allowedChars$, 5)
Debug GeneratePassword(allowedChars$, 10)

If the password generator also ensures that each character group (A-Z, a-z, 0-9, ...) occurs at least once in the password, it would be even more secure.
How secure should the password be?

[Dude]

Here's what I made once:

Code: Select all

Procedure.s Password(length=4,symbols=1)

  max=5

  If symbols=0
    max=4
  EndIf

  If length>3 ; Must be at least 4 characters.
  
    Dim a$(length)
    
    Repeat
      pos+1
      type+1 : If type=max : type=1 : EndIf
      Select type
        Case 1 : a$(pos)=Chr(Random(122,97)) ; a-z
        Case 2 : a$(pos)=Chr(Random(90,65))  ; A-Z
        Case 3 : a$(pos)=Chr(Random(57,48))  ; 0-9
        Case 4 : a$(pos)=Chr(Random(47,33))  ; !$#
      EndSelect
    Until pos=length
    
    RandomizeArray(a$(),1,length)
    
    For a=1 To length : p$+a$(a) : Next
  
  EndIf
  
  ProcedureReturn p$

EndProcedure

For a=1 To 5 : Debug Password(20) : Next
Debug ""
For a=1 To 5 : Debug Password(20,0) : Next

Sample output:

Code: Select all

z.yUz##5,dC73+X98pIP
EHjw5p%%5+Ha%15'WXi3
XmHr/RLjd79/7z9"K2%+
92+SX4c(Ceoh%i/87EL+
e0T4!BD%v0Ub35I%do,/

sWom720O81zNfY9ryQSU
3GZZeIJt93o8k3ny4tON
gPxMS094wh8R1tHQ2vRl
bb9Rhw0gh4e8VL9WP9UG
L6Vp26b3Kr4QjA4CvtWa

[blueb]

Go to: https://www.rsbasic.de/backups/

and look for: Rosetta Code Website.ZIP that I downloaded some time ago...

Code: Select all

;==================================================================
; Rosetta Task: Password generator
;
;	Create a password generation program which will generate passwords containing random ASCII characters from the following groups:
;	         lower-case letters:  a ──► z
;	         upper-case letters:  A ──► Z
;	                     digits:  0 ──► 9
;	 other printable characters:  !"#$%&'()*+,-./:;<=>?@[]^_{|}~ 
;	 (the above character list excludes white-space, backslash and grave) 
;
;	The generated password(s) must include   at least one   (of each of the four groups):
;	   lower-case letter, 
;	   upper-case letter,
;	   digit  (numeral),   and 
;	   one  "other"  character. 
; =================================================================
EnableExplicit
 
Procedure.b CheckPW(pw.s)
  Define flag.b=#True,
         tmp.b=#False,
         c.c,
         s.s,
         i.i  
  For c='a' To 'z'
    tmp=Bool(FindString(pw,Chr(c)))
    If tmp : Break : EndIf
  Next  
  flag & tmp
  tmp=#False  
  For c='A' To 'Z'
    tmp=Bool(FindString(pw,Chr(c)))
    If tmp : Break : EndIf
  Next  
  flag & tmp
  tmp=#False  
  For c='0' To '9'
    tmp=Bool(FindString(pw,Chr(c)))
    If tmp : Break : EndIf
  Next  
  flag & tmp
  tmp=#False  
  For c='!' To '/'
    s+Chr(c)
  Next  
  For c=':' To '@'
    s+Chr(c)
  Next  
  s+"[]^_{|}~"  
  For i=1 To Len(pw)
    tmp=Bool(FindString(s,Mid(pw,i,1)))
    If tmp : Break : EndIf
  Next    
  flag & tmp  
  ProcedureReturn flag
EndProcedure
 
Procedure.s InputHdl(prompt.s="")
  Define txt.s,
         s.s,
         r.i,
         hlp.s  
  Restore Help_01
  Read.s hlp  
  Print(prompt)       
  Repeat
    s=Inkey()    
    If s<>""
      If FindString("0123456789",s)
        txt+s
        Print(s)
      EndIf
      If s=Chr(27)
        txt="0"
        Break
      EndIf            
    ElseIf RawKey()
      r=RawKey()      
      If r=112
        PrintN("")
        PrintN(hlp)  
        Print(~"\n"+prompt)
      EndIf
    EndIf
    Delay(20)
  Until s=Chr(13)
  PrintN("")  
  ProcedureReturn txt
EndProcedure
 
NewList PasswordChar.c()
Define c.c,
       pwlen.i,
       n_of_pw.i, 
       pwstr.s,
       i.i
For c='!' To '~'
  If c<>'\' And c<>'`'
    AddElement(PasswordChar()) : PasswordChar()=c
  EndIf  
Next
OpenConsole("Password generator: F1=Help; Esc=End")
Repeat
  pwlen=Abs(Val(InputHdl("Length of the password (n>=4): ")))
  If pwlen=0 : Break : EndIf
  If pwlen<4 : Continue : EndIf
  n_of_pw=Abs(Val(InputHdl("Number of passwords (n>=1): ")))
  If n_of_pw=0 : Break : EndIf  
  For i=1 To n_of_pw    
    Repeat      
      pwstr=Mid(pwstr,2)
      RandomizeList(PasswordChar())
      ResetList(PasswordChar())      
      While NextElement(PasswordChar())
        pwstr+Chr(PasswordChar())      
        If Len(pwstr)>=pwlen : Break : EndIf
      Wend
    Until CheckPW(pwstr)
    PrintN(RSet(Str(i),Len(Str(n_of_pw))," ")+") "+pwstr)
    pwstr=""
  Next
  PrintN("")
ForEver
End
 
DataSection
  Help_01:
  Data.s ~"Help: Password generator\n"+
         ~"------------------------\n"+
         ~"Blabla bla blabla bla blablabla.\n"+
         ~"Blabla bla  blablabla.\n"+
         ~"Bla blabla bla blablabla bla.\n"+
         ~"Blabla bla blabla bla.\n"+
         ~"Bla blabla bla blablabla blablabla.\n"+
         ~"Blabla bla blabla bla blablabla.\n"+
         ~"Blabla blabla bla blablabla."
  EndOfHelp:
EndDataSection

; Output:
; Length of the password (n>=4): 10
; Number of passwords (n>=1): 12
;  1) UteCZm/!9V
;  2) R1B*C'gw&<
;  3) uPDw.:FhY2
;  4) v&0HD6tA);
;  5) Ldspz:XcT4
;  6) ^a9>Viv"R2
;  7) k*x=6VCqMd
;  8) y6Jz)p|^=h
;  9) UO|sFD^Ry2
; 10) 1g5*e/:kZf
; 11) y;mJ{g7QX#
; 12) _Nh=:'V|a2
; 
; Length of the password (n>=4):

[TI-994A]

Has anyone written a random password generator...

Here's a pretty simple one that does the job. There are options for caps, numerics, and special characters.

Code: Select all

;password configurations
passwordLength = 10
alpha$ = "a-z"
alphaCaps$ = "A-Z"
numerics$ = "0-9"
specialCharacters$ = "\~\!\@\#\$\%\&\*\-\_\=\+\?"

;password generator (rem/unrem RegExp strings as required)
If CreateRegularExpression(0, "[" + 
                              alpha$ + 
                              alphaCaps$ + 
                              numerics$ + 
                              ;specialCharacters$ +
                              "]") 
  For i = 1 To passwordLength  
    While Not MatchRegularExpression(0, Chr(seed))
      seed = Random(126, 32)         
    Wend
    password$ + Chr(seed)
    seed = 0
  Next i
  Debug password$
  FreeRegularExpression(0)  
EndIf

The special characters string has been remmed out in this example; just rem/unrem any of them as required.

[skywalk]

Windows only for the SHOW/HIDE password...

Code: Select all

EnableExplicit
Global.i flag, quit
Global.s r$
;-!Base Conversions and KeyCode$
#Base62$    = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"   ; Upper/Lower Case and numerals
#Base64$    = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
#Base94$    = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz `~!@#$%^&*()-_=+[{]}\|;:',<.>/?"
#Base95$    = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz `~!@#$%^&*()-_=+[{]}\|;:',<.>/?" + Chr(34)
Structure ScanChar
  c.c[0]
EndStructure
Procedure.s RandomS(nChars.i, BaseToUse$=#Base62$)
  Protected.i i, lenBase = Len(BaseToUse$) - 1
  Protected.s s$ = Space(nChars)
  Protected.i *s.ScanChar = @s$
  Protected *b.ScanChar = @BaseToUse$
  While i < nChars
    *s\c[i] = *b\c[Random(lenBase)]
    i + 1
  Wend
  ProcedureReturn s$
EndProcedure
Procedure strCB()
  If flag
    SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 0, 0)
  Else
    SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 64, 0)
  EndIf
EndProcedure
If OpenWindow(0,0,0,300,200,"TRY-RND-PW-ON-OFF", #PB_Window_SystemMenu | #PB_Window_ScreenCentered)
  StringGadget(0,10,10,280,22,"Plain Text Password", #PB_String_Password)
  SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 64, 0)
  StringGadget(10,10,42,280,22,"Plain Text Password")
  ButtonGadget(1,10,90,100,24,"SHOW/HIDE PWD")
  ButtonGadget(2,120,90,100,24,"NEW RND PWD")
  BindGadgetEvent(0,@strCB())
  Repeat
    Select WaitWindowEvent()
    Case #PB_Event_CloseWindow
      Quit = 1
    Case #PB_Event_Gadget
      Select EventGadget()
      Case 1
        flag = 1 - flag
        SetActiveGadget(0)
      Case 2
        ;RandomSeed(42)
        r$ = RandomS(8, #Base94$)
        SetGadgetText(10, r$)
        SetGadgetText(0, r$)
        r$ = #Empty$
        SetActiveGadget(0)
      EndSelect
    EndSelect
  Until Quit = 1
EndIf

[Fangbeast]

You can use this code from me:

Code: Select all

Procedure$ GeneratePassword(allowedChars$, passwordLength)
  Protected i, countOfAllowedChars, result$
  
  If OpenCryptRandom() = #False
    ProcedureReturn "ERROR"
  EndIf
  
  countOfAllowedChars = Len(allowedChars$)
  
  For i = 1 To passwordLength
    result$ + Mid(allowedChars$, CryptRandom(countOfAllowedChars-1)+1, 1)
  Next
  
  CloseCryptRandom()
  
  ProcedureReturn result$
EndProcedure

Define allowedChars$

For i = 'A' To 'Z' : allowedChars$ + Chr(i) : Next
For i = 'a' To 'z' : allowedChars$ + Chr(i) : Next
For i = '0' To '9' : allowedChars$ + Chr(i) : Next

Debug GeneratePassword(allowedChars$, 5)
Debug GeneratePassword(allowedChars$, 10)

If the password generator also ensures that each character group (A-Z, a-z, 0-9, ...) occurs at least once in the password, it would be even more secure.
How secure should the password be?

Looks good Sicro, thanks. Don't know how secure my friend wants to be, he just wanted something for the MyInfo program I released a few weeks ago. Since some sites wanted symbols as well in the normal character range, I have added

Code: Select all

For i = '!' To '/' : allowedChars$ + Chr(i) : Next

to your code. Nice and simple!!!

[TI-994A]

Purely PureBasic, and hopefully cross-platform:

Code: Select all

;==============================================================
;   Simple Password Generator using Regular Expressions
;   with StringGadget() Show/Hide Password Button
;
;   tested & working with PureBasic v5.70 LTS beta 4 (x64) 
;   running on Windows 10 and MacOS High Sierra
;
;   by TI-994A - free to use, improve, share...
;
;   25th February 2019
;==============================================================

Enumeration
  #mainWin
  #pwString
  #pwLength
  #pwLengthLabel
  #pwShowHide
  #pwGenFrame
  #pwGenerate
  #alphaCheck
  #alphaCapsCheck
  #numericsCheck
  #specialCharsCheck
EndEnumeration

Procedure.s passwordGenerator()  
  
  passwordLength = Val(GetGadgetText(#pwLength))
  If passwordLength < 8 Or passwordLength > 20
    If passwordLength < 8
      passwordLength = 8
    Else
      passwordLength = 20
    EndIf    
    SetGadgetText(#pwLength, Str(passwordLength))
  EndIf  
  If GetGadgetState(#alphaCheck)
    chrExp$ + "a-z"
    regExp$ + "(?=.*[a-z])"
  EndIf
  If GetGadgetState(#alphaCapsCheck)
    chrExp$ + "A-Z"
    regExp$ + "(?=.*[A-Z])"
  EndIf
  If GetGadgetState(#numericsCheck)
    chrExp$ + "0-9"
    regExp$ + "(?=.*[0-9])"
  EndIf
  If GetGadgetState(#specialCharsCheck)
    chrExp$ + "\~\!\@\#\$\%\&\*\-\_\=\+\?"
    regExp$ + "(?=.*[~!@#$%&*-_=+\?])"
  EndIf
  
  chrExp$ = "[" + chrExp$ + "]"
  regExp$ = "^" + regExp$ + ".*$"  
  
  If CreateRegularExpression(0, regExp$) 
    If CreateRegularExpression(1, chrExp$) 
      While Not MatchRegularExpression(0, password$)
        password$ = ""
        For i = 1 To passwordLength  
          While Not MatchRegularExpression(1, Chr(seed))
            seed = Random(126, 32)         
          Wend
          password$ + Chr(seed)
          seed = 0
        Next i   
      Wend
      FreeRegularExpression(0)  
      FreeRegularExpression(1)  
    EndIf
  EndIf
  ProcedureReturn password$
EndProcedure

wFlags = #PB_Window_SystemMenu | #PB_Window_ScreenCentered
OpenWindow(#mainWin, 0, 0, 350, 330, "Simple Password Generator", wFlags)
StringGadget(#pwString, 20, 20, 230, 30, "", #PB_String_Password)
ButtonGadget(#pwShowHide, 250, 20, 80, 30, "show/hide", #PB_Button_Toggle) 
FrameGadget(#pwGenFrame, 20, 70, 310, 240, "Password Generator")
StringGadget(#pwLength, 40, 100, 30, 20, "8", #PB_String_Numeric)
TextGadget(#pwLengthLabel, 80, 100, 250, 30, "Password Length")
CheckBoxGadget(#alphaCheck, 40, 130, 250, 20, " Alphabets (a to z)")
CheckBoxGadget(#alphaCapsCheck, 40, 160, 250, 20, " Capital Alphabets (A to Z)")
CheckBoxGadget(#numericsCheck, 40, 190, 250, 20, " Numericals (0 - 9)")
CheckBoxGadget(#specialCharsCheck, 40, 220, 250, 20, " Special Characters (~!@#$%&*-_=+?)")
ButtonGadget(#pwGenerate, 40, 260, 270, 30, "GENERATE PASSWORD")

SetActiveGadget(1)
SetGadgetState(#alphaCheck, #PB_Checkbox_Checked)

Repeat
  event = WaitWindowEvent()
  Select event
    Case #PB_Event_CloseWindow
      appQuit = 1
    Case #PB_Event_Gadget
      Select EventGadget()
        Case #pwShowHide, #pwGenerate
          passwordShow = 0
          If EventGadget() = #pwGenerate
            SetGadgetState(#pwShowHide, 1)
            password$ = passwordGenerator()
          Else            
            password$ = GetGadgetText(#pwString)
            If GetGadgetState(#pwShowHide) = 0
              passwordShow = #PB_String_Password
            EndIf
          EndIf          
          StringGadget(#pwString, 20, 20, 230, 30, password$, passwordShow)          
      EndSelect      
  EndSelect  
Until appQuit

[Papala]

Maybe you can have a look here

[Fangbeast]

Thanks everyone, all good suggestions. Am currently adding something to the MyInfo program for my friend. It will allow manual and automatic generation (Over the protest of my wife who doesn't think it should have both :))

[Fangbeast]

Been playing with this message and on my windows 10 box, it takes nearly 2 seconds to work for both show and hide.

Code: Select all

SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 0, 0)

When used on web logins where there is a show/hide button, it is instant. I wonder if there was a huge change to the API to slow things down this much? (Just musing)

[Dude]

From MSDN: "The SendMessage function calls the window procedure for the specified window and does not return until the window procedure has processed the message."

Try PostMessage instead, which returns immediately.

[TI-994A]

...it takes nearly 2 seconds to work for both show and hide.

Code: Select all

SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 0, 0)

Two seconds is quite a substantial lag; doesn't sound quite right.

[Fangbeast]

...it takes nearly 2 seconds to work for both show and hide.

Code: Select all

SendMessage_(GadgetID(0), #EM_SETPASSWORDCHAR, 0, 0)

Two seconds is quite a substantial lag; doesn't sound quite right.

Well,t his is the insider edition where you play a lottery of "if by some miracle it still works", you sacrifice a fresh goat to srod:):)

I'll try dude's suggestion about postmessage tonight and I am assuming that it uses the same structure.

Currently overheating here.

[TI-994A]

Well, this is the insider edition...

I've played that version many a time.

And yes; the PostMessage() function has the exact parameter structure as the SendMessage() function; although I don't expect it to be any better.