I want to give maybe a million password to some users that should be like:
- it must have at least 6 characters
- it must have digits and also letters
Should I use Random here? How?
views:
416answers:
6
+6
A:
Use SecureRandom, it provides a more random passwords.
You can create a single password using something like this (note: untested code).
// put here all characters that are allowed in password
char[] allowedCharacters = {'a','b','c','1','2','3','4'};
SecureRandom random = new SecureRandom();
StringBuffer password = new StringBuffer();
for(int i = 0; i < PASSWORD_LENGTH; i++) {
password.append(allowedCharacters[ random.nextInt(allowedCharacters.length) ]);
}
Note that this does not guarantee that the every password will have both digits and characters.
Juha Syrjälä
2009-11-16 09:56:59
SecureRandom returns numbers, but she asked for numbers and letters.
Sylar
2009-11-16 10:04:24
This code is referencing a character array by the returned integer value, so it does indeed return characters and numbers!
badbod99
2009-11-16 10:07:50
Yes, now, but before the edit it did not.
Sylar
2009-11-16 10:11:32
can't stop to giggle whenever i read s.th. like "more random" :-}
mhaller
2009-11-16 21:03:19
+1
A:
What I would do is something like this:
- Create two arrays, one with the allowed letters and other with the allowed digits.
- Use Random to decide the length of the password.
- Use Random to decide whether the next character is a letter or a digit.
- Use Random once more to generate an index for the array of letters or digits (depending on wht you obtained in step 3). Append the obtained character to the password.
- Repeat from 3 until you have the amount of characters obtained in 2.
Konamiman
2009-11-16 09:58:49
@jk: You are right. Then the password should be checked at the end of the process, and if it contains only letters or only digits, it can be either discarded and and the process started over, or a few characters of the missing group could be added manually. Anyway this should happen rarely.
Konamiman
2009-11-16 10:24:07
A:
This will be the easiest one :)
String char_group = "abcdefghijklmnopqrstuvwxyz";
String digit_group = "123456789";
// first choose a len of pwd
Random ran = new Random();
int pwd_len = ran.nextInt(50); //50 is the max length of password,say
// check that pwd_len is not less than 6
// do the check here
// finally create the password..
StringBuffer pwd = new StringBuffer();
Random RNG = new Random();
for (int i = 0; i < pwd_len ; i++) {
int randomNum = RNG.nextInt(100);
char c = '';
// Here 25% is the ratio of mixing digits
// in the password, you can change 4 to any
// other value to change the depth of mix
// or you can even make it random.
if (randomNum % 4 == 0) {
c = digit_group[randomNum % digit_group.length];
} else {
c = char_group[randomNum % char_group.length];
}
pwd.append(c);
}
return pwd.toString();
Suraj Chandran
2009-11-16 10:03:38
This initializes random number generator inside loop, using current time. The password will not be very random. Also generated password may contain unprintable characters.
Juha Syrjälä
2009-11-16 10:05:55
@juha...thats definitely right, maybe i was half asleep while asnwering this...i will update the answer :)
Suraj Chandran
2009-11-16 13:13:47
HEY GUYS....i HAVE UPDATED MY ANSWER...PLEASE TAKE BACK YOUR DOWN VOTES :)
Suraj Chandran
2009-11-16 13:28:18
You are using the same random number to decide whether to use digits and characters and as a index to digit_group/char_group arrays. That is bit suspect. Also you should use much larger parameter to second RND.nextInt() call, something like MAX_INT, otherwise distribution of passwords may be skewed.
Juha Syrjälä
2009-11-17 06:38:40
+12
A:
RandomStringUtils from Apache Commons Lang provide some methods to generate a randomized String, that can be used as password.
Here are some examples of 8-characters passwords creation:
// Passwords with only alphabetic characters.
for (int i = 0; i < 8; i++) {
System.out.println(RandomStringUtils.randomAlphabetic(8));
}
System.out.println("--------");
// Passwords with alphabetic and numeric characters.
for (int i = 0; i < 8; i++) {
System.out.println(RandomStringUtils.randomAlphanumeric(8));
}
which creates the following result:
zXHzaLdG
oDtlFDdf
bqPbXVfq
tzQUWuxU
qBHBRKQP
uBLwSvnt
gzBcTnIm
yTUgXlCc
--------
khDzEFD2
cHz1p6yJ
3loXcBau
F6NJAQr7
PyfN079I
8tJye7bu
phfwpY6y
62q27YRt
Of course, you have also methods that may restrict the set of characters allowed for the password generation:
for (int i = 0; i < 8; i++) {
System.out.println(RandomStringUtils.random(8, "abcDEF123"));
}
will create only passwords with the characters a, b, c, D, E, F, 1, 2 or 3:
D13DD1Eb
cac1Dac2
FE1bD2DE
2ab3Fb3D
213cFEFD
3c2FEDDF
FDbFcc1E
b2cD1c11
romaintaz
2009-11-16 10:09:11
+1 the `randomAlphabetic` and `randomAlphaNumeric` are good for this, unless you want truly cryptographically random passwords.
skaffman
2009-11-16 10:22:13
A:
This is also a nice one:
String password = Integer.toString((int) (Math.random() * Integer.MAX_VALUE), 36);
It however does not guarantee that the password always contains both digits and letters, but most of the aforementioned suggestions also doesn't do that.
BalusC
2009-11-16 12:21:55
+1
A:
Here's one that I wrote a while back:
package com.stackoverflow.does.my.code.for.me;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
public class PasswordUtil {
/** Minimum password length = 6 */
public static final int MIN_PASSWORD_LENGTH = 6;
/** Maximum password length = 8 */
public static final int MAX_PASSWORD_LENGTH = 8;
/** Uppercase characters A-Z */
public static final char[] UPPERS = new char[26];
/** Lowercase characters a-z */
public static final char[] LOWERS = new char[26];
/**
* Printable non-alphanumeric characters, excluding space.
*/
public static final char[] SPECIALS = new char[32];
public static final char[] DIGITS = new char[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
static {
// Static initializer block for populating arrays
int U = 'A';
int l = 'a';
int d = '0';
for (int i = 0; i < 26; i++) {
UPPERS[i] = (char) (U + i);
LOWERS[i] = (char) (l + i);
if (i < 10) {
DIGITS[i] = (char) (d + i);
}
}
int p = 0;
for (int s = 33; s < 127; s++) {
char specialChar = (char) 32;
if (s >= 'a' && s <= 'z')
s = 'z' + 1; // jump over 'a' to 'z'
else if (s >= 'A' && s <= 'Z')
s = 'Z' + 1; // jump over 'A' to 'Z'
else if (s >= '0' && s <= '9')
s = '9' + 1; // jump over '0' to '9'
specialChar = (char) s;
SPECIALS[p] = specialChar;
p++;
}
}
public String generatePassword() {
List<char[]> activeSets = new ArrayList<char[]>(4);
List<char[]> inactiveSets = new ArrayList<char[]>(4);
activeSets.add(UPPERS);
activeSets.add(LOWERS);
activeSets.add(SPECIALS);
activeSets.add(DIGITS);
SecureRandom random = new SecureRandom();
int passwordLength = 5 + random.nextInt(3);
StringBuffer password = new StringBuffer(passwordLength + 1);
for (int p = 0; p <= passwordLength; p++) {
char[] randomSet = null;
if (activeSets.size() > 1) {
int rSet = random.nextInt(activeSets.size());
randomSet = activeSets.get(rSet);
inactiveSets.add(randomSet);
activeSets.remove(rSet);
} else {
randomSet = activeSets.get(0);
inactiveSets.add(randomSet);
activeSets.clear();
activeSets.addAll(inactiveSets);
inactiveSets.clear();
}
int rChar = random.nextInt(randomSet.length);
char randomChar = randomSet[rChar];
password.append(randomChar);
}
return password.toString();
}
}
crowne
2009-11-16 20:57:10