Random Password Generator With Pattern String Support

Download source files - 6.19 Kb

Introduction

Recently, one of my projects required a functionality where upon registering a new user in the system a password for the user had to be generated automatically. The requirement also dictated that the password generation process should support things like:

The minimum password length should be configurable.
The maximum password length should be configurable.
Number of uppercase/lowercase letters appearing should be configurable.
Password should contain at least x number of digits and or symbols.
Password should be all uppercase or all lowercase or both.

After a little bit of Googling, I came across a very good Password Generator. Unfortunately, this was written in PERL. Since my project was being developed using MS technologies (VB/ASP), I needed a solution using these technologies and that's when I ended up creating this JavaScript function.

Script inputs

The script takes the following four input parameters:

Pattern - This basically defines the password character composition. (Default is autogenerated.)
MinLength - The minimum password length. (Default is 8 characters.)
MaxLength - The maximum password length. (Default is 15 characters.)
AllowDuplicate - Determines, if a character already used can appear subsequently. (Default is False.)

All these parameters are optional. If no values are passed, the script uses the default values. In case of the maximum password length being greater than the pattern string length, the script automatically generates a new pattern string. Actually, this behavior can be altered such that it generates (maxlength - pattern.length) pattern characters only.

Pattern string

The heart of this little script is the pattern string. This string basically contains the following:

L - Denotes that a lower case English alphabet is desired at this position.
U - Denotes that an upper case English alphabet is desired at this position.
9 - Denotes that a digit between 0-9 is required at this position.
S - Denotes that a symbol character is desired at this position.

If the pattern string is not specified the script auto generates one. For this, I have used the Math.random function available in JavaScript. The genPattern function basically generates a random number between 1-4 and decides which pattern character to use based on it. This is repeated till the maximum password length is reached:

function genPattern(pintLen)
{
    var strRet = "";
    var iCntr  = 0;
    var rndNo  = 0;

    for (iCntr = 0; iCntr < pintLen; iCntr++)
    {
        rndNo = Math.floor((4 - 1 + 1) * Math.random() + 1)
        switch (rndNo)
        {
            case 1:
                strRet += "9";
                break;
            case 2:
                strRet += "U";
                break;
            case 3:
                strRet += "S";
                break;
            case 4:
                strRet += "L";
                break;
        }
    }
    return strRet;
}

Password generation

The actual password is generated by calling the getRandomChar(strCharSet, strProcessed, blnAllowDup) function for each pattern character in the pattern string till the maximum password length is reached.

Conclusion

Overall, this is a very simple script and compared to GeodSoft's password generator, offers limited options/flexibility. However it does satisfy the normal requirements. I checked the generated passwords with GeodSoft's Password Evaluator and found out that the password generated by this script is reasonably strong.

Release history

4^th Oct, 2005 - First release.
28^th Jan, 2006 - Bugs fixed. (Thanks to Mike for pointing out these bugs.)

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Prasad Khandekar

Architect
Fundtech INDIA Ltd.

India

Member

I am a software professional with over 16 years of commercial business applications design and development experience.

My programming experience includes Java, .NET, Classic VB, ASP, Scripting, Power Builder, PHP, Magic & far far ago FoxPro, C, Assembly and COBOL.

For last 5 years I am mostly working on Java platform.

Article Top

Poor

Excellent

Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

You must Sign In to use this message board. (secure sign-in)

Search this forum
	Profile popups Noise Layout Per page

few issues - infinite loop

livetalkvt

11:05 26 Jan '06

Thanks for the starter code. While reading the code I found an infinite loop in getRandomChar. Not sure what the proper fix should be.

If pblnAllowDup is false, and the requested password size is greater than the size of a character set as specified in the pattern.... the while loop will never exit.

For instance, if the password pattern contain's 15 "9"s and the requested size is greater than 10, the 11th call to genPattern will not return (although there's another bug... see below).

Of course there are other patterns that can lead to it. Any pattern where somebody inputs more than 10 "9"'s (or 26 U/L letters) would lead to this same state. (e.g. U9U9U9U9U9U9U9U9U9U9U9U9U9U9). Once the set is exhausted, the next call will cause an infinite loop.

I recommend that it throw an error (what's the spec Poke tongue | ;-P

? )

It appears that the first character in the set will never be used (I tried using 10 in my above example and it never returned... it wouldn't generate a zero, the Math.Random + 1 seems to cause this). So it won't generate a password with a 0, A, a, or ~ in it.

Question: how is pintMin used ? The code appears to always generate a password of length Max (although I do see range checking code that resets the value of Max if the input value is smaller than Min). I originally thought the function would return a password or random length between min and max.

Thanks,
-Mike

mike