This article is another simple but robust password generator based on similar concepts presented in Kevin Stewart's C# Password Generator.
My purpose for creating this example stemmed from evaluating various third party password generation tools and wanting to know what it would really take to implement my own password generator. In my research I came across Kevin Stewart's article and noticed his use of the
RNGCryptoServiceProvider and became curious why this class from the
Cryptography namespace was used instead of the
Further research on the
RNGCryptoServiceProvider class led me to find it makes use of Windows modules that have completed FIPS-140 (Federal Information Processing Standard) US government standard which provide a benchmark for implementing cryptographic software. See the Microsoft FIPS - 140 Evaluation article for more information.
The types of characters included in the passwords needed to be configurable. The length of the password needed to have a variant length that was chosen randomly. Finally I wanted to randomly determine which character type to append (number, uppercase, lowercase or symbol).
Below I've outlined the purpose for each of the methods included in the process of creating the passwords.
This method provides a wrapper around the
RNGCryptoServiceProvider class allowing for easy creation of a random number. See below...
public static int Next(int max)
if(max <= 0)
throw new ArgumentOutOfRangeException("max");
int value = BitConverter.ToInt32(bytes, 0) % max;
if(value < 0)
value = -value;
_Random field being used by this method is a static instance of the
char arrays below define the character types that are available for use during password generation.
private static readonly char _Letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".ToCharArray();
private static readonly char _Numbers = "1234567890".ToCharArray();
private static readonly char _Symbols = "!@#$%^&*.?".ToCharArray();
Create method does four different functions. It initializes the available character types, determines the length of the password to create, creates and finally returns the generated password.
public string Create()
_CharacterTypes = getCharacterTypes();
StringBuilder password = new StringBuilder(_MaximumLength);
int currentPasswordLength = RandomNumber.Next(_MaximumLength);
if(currentPasswordLength < _MinimumLength)
currentPasswordLength = _MinimumLength;
for(int i = 0; i < currentPasswordLength; i++)
I used an
enum to to indicate which character types were available to create the passwords. In this method I iterate through the character types and determine if a particular character type is available for use based on a value set to a corresponding property that indicates whether or not to include a given character type.
private string getCharacterTypes()
ArrayList characterTypes = new ArrayList();
foreach(string characterType in Enum.GetNames(typeof(CharacterType)))
CharacterType currentType =
bool addType = false;
addType = IncludeLower;
addType = IncludeNumber;
addType = IncludeSpecial;
addType = IncludeUpper;
This method randomly determines which type of character to get from the character types, then randomly determines which character from that subset and returns the value.
private string getCharacter()
string characterType =
CharacterType typeToGet =
(CharacterType)Enum.Parse(typeof(CharacterType), characterType, false);
The example is easy to use and very configurable.
Accept the defaults
If you'd just like to accept the default pre-initialized lengths and to include all of the character types, it's as easy as the following two lines of code:
Password password = new Password();
Configure the types of characters to include
There are properties in the
Password class allowing you to indicate whether or not you'd like to
IncludeSymbols (!@#$) and
IncludeNumbers (12345*). These properties can be set after a password object has already been created or they can be set during the creation of the object via parameters in the constructor.
Password password = new Password(false, false, true, false);
Create fixed length passwords
One recent suggestion by Gabe Wishnie was to make it so you could explicitly set the password length without having the length chosen at random. A quick test showed this functionality was already built in if used in the following manner.
Password password = new Password();
password.MinimumLength = 8;
password.MaximumLength = 8;
The value in this project can be seen as it could be applied to various concepts. The random number method supplied in this article or Kevin Stewart's could also be used to randomly select words from a string array read from a text file. Combine this with a Captcha control and you'll have a decent validation control. Hope all of you find my implementation of use!