PureBasic Forums - English

Hi everyone!

I have managed to upload my new creation to my website: PassGen. As the name might suggest this is a password generator. It can generate a password containing up to 64 characters and the generated password can be copied into the clipboard. You can use numbers, letters and/or special characters to generate your new password.

Please note: PassGen is not a password manager. It will not save the generated password and it won’t tell you if the new password has already been used!

Technical notes:
The program was compiled using PB6.0 with the C backend on all systems. It is available on Windows, Linux and Raspberry Pi OS. The Linux version was compiled and tested on Ubuntu. The Raspberry Pi version was compiled and tested on a Raspberry Pi 4 with 4 GB RAM.


I use the RunProgram() command to open my website with the Help – Website menu option. On Linux (Ubuntu and Raspberry Pi OS) I use the following code to open the website:
It should open the default browser, which, in my case, is Firefox on Ubuntu and Chromium on Raspberry Pi OS.

If you have the time, could you please check if it works on your systems?


Also, on Linux systems, the actual help won’t work. The menu option is disabled for now as my help system doesn’t work on Linux. There is a readme.txt file instead.

Download
The program can be downloaded from my website: https://www.cyberstorm.hu/_en/core/soft ... ssgen.html

neuronic

What random generator do you use for generating a new password?

Hi!

I just use the simple Random() command. I may change it in the future.

neuronic

You should use CryptRandom() or CryptRandomData() for proper random data.

Add "Prohibition of repeating characters"
You can search "Unique Password" in this forum.

AZJIO wrote: Tue Aug 09, 2022 8:45 pm Add "Prohibition of repeating characters"

By doing so, the password generator would follow a rule.
The generated passwords would then no longer be random.

Little John wrote: Tue Aug 09, 2022 9:07 pmThe generated passwords would then no longer be random.

If we assume that randomly generates the password "SSS", that is, it will hit the same character 3 times. It is more logical that the program will remove the repetitions and try again to select a letter to make a more complex password, with a large number of different characters. This password is easier to remember and will be a weak "qqww". If the password is short, then it should not repeat a single character. If the password is average, then there should not be two identical characters next to each other.

AZJIO wrote: Tue Aug 09, 2022 9:23 pm

Little John wrote: Tue Aug 09, 2022 9:07 pmThe generated passwords would then no longer be random.

If we assume that randomly generates the password "SSS", that is, it will hit the same character 3 times. It is more logical that the program will remove the repetitions and try again to select a letter to make a more complex password, with a large number of different characters. This password is easier to remember and will be a weak "qqww". If the password is short, then it should not repeat a single character. If the password is average, then there should not be two identical characters next to each other.

Repeating characters can also appear in random data. And short passwords are by definition not safe. So why would anybody do this?
As Little John said: Every rule your password generator implements can also be implemented in a brute force attack which makes it weaker.

The settings for "Use small letters" and "Use special characters" are confusing, because in your screenshots, those options aren't part of the generated passwords. So I think the confusion is that they actually mean "Allow" instead of "Use"?

The probability of guessing a 4-digit password is (26+10)^4, and the probability of a password with non-repeating characters is (25+10)^4. The difference is small, but it can only be used if it is known in advance that the appropriate flag has been enabled for the password.

AZJIO wrote: Wed Aug 10, 2022 7:11 pm The probability of guessing a 4-digit password is (26+10)^4, and the probability of a password with non-repeating characters is (25+10)^4.

You might want to learn first what a probability is ...

When using all possible values, the probability will reach 100%. And before reaching this limit, the probability will be less. And if you make a hack generator, it is better that it starts checking when you switch a character in position from a repeat character, and after vowels, unvoiced letters are checked, and after unvoiced consonants, after the digit, the digit. This is a test of passwords created from names or dates or simplified dialing.

Hi!

@NicTheQuick
To be honest, I completely forgot about the CryptRandom() function. I will take a look into it and most likely I will implement it.

@AZJIO
I have seen some websites where it is mandatory to avoid the use of repeating characters in a password, so I will take your suggestion into consideration. Maybe I could implement it in a way that “Prohibition of repeating characters” is only active when the length of the password is below 10 characters. Anyway, I will look into it.

@BarryG
Thank you for pointing out this problem. I actually hope that I made a mistake with the screenshot. Probably generating the password first and then checking the option for special characters. I will definitely change the screenshot here and on my website as well. I have already done some tests but I may need more to see if there is a problem with the code.

Thank you for taking your time to check my program.

neuronic

Another suggestion: Avoid using similar characters like 0 and O, I and l and maybe more.

NicTheQuick wrote: Mon Aug 15, 2022 10:59 am Another suggestion: Avoid using similar characters like 0 and O, I and l and maybe more.

I recommend that, too. It is very annoying when you enter your own password incorrectly because it cannot be read reliably.
The lowercase “l” and uppercase “I” can also be confused with the digit “1”.