Or is there a software to auto generate random passwords?
+7
A:
Just build a string of random a-z, A-Z, 0-9 (or whatever you want) up to the desired length. Here's an example in PHP:
function generatePassword($length = 8) {
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$count = mb_strlen($chars);
for ($i = 0, $result = ''; $i < $length; $i++) {
$index = rand(0, $count - 1);
$result .= mb_substr($chars, $index, 1);
}
return $result;
}
To optimize, you can define $chars as a static variable or constant in the method (or parent class) if you'll be calling this function many times during a single execution.
Matt Huggins
2009-12-03 03:28:50
An alternative could always be to str_shuffle() the string and select random characters if you want more randomization.
David
2009-12-03 03:35:16
Adding on to David's comment, you could easily just do something like... $chars = 'blah'; return substr( str_shuffle( $chars ), 0, $length ); and make your function two lines.
William
2009-12-03 03:46:46
I would remove the vowels because the wrong people will always get the bad results (it has happened twice to me).
MathGladiator
2009-12-03 04:10:26
It's more academic to bring this up, but in any solution that uses a (deterministic) php-based function (rand() or a hash function), it's a pseudo-random, not true random-seeded algorithm. You could replace that portion with an API call to an atmospheric noise-based web service (e.g. http://www.random.org/clients/http/ ) Granted, probably not worth the added dependency for the difference in randomness in most cases.
micahwittman
2009-12-03 04:31:29
@William - simply using str_shuffle won't be as random, as you'll end up with zero or one "a", zero or one "b", zero or one "c", etc. You will never have repeat characters, which decreases the value significantly in my opinion.
Matt Huggins
2009-12-03 05:11:07
if you do go with a method like this, i'd recommend removing all vowels, as well as `l`, `1`, `0` and `o`, since they can be confusing for users, depending on your font.
nickf
2009-12-03 08:45:26
A:
I actually wrote myself two libraries that I released under GPL V2.0 for generating passwords of any given strength, feel free to check them out and use them if you like.
Www.projects.semanticalsyntax.com Source is avaliable for both.
David
2009-12-03 03:33:50
A:
$password = hash('sha512', rand());
Shouldn't be too hard to remember. This might be easier to remember though:
$password = substr(hash('sha512',rand()),0,12); // Reduces the size to 12 chars
There's only 16 possible characters being used, but that's still 16^12 possible passwords (at 300,000 passwords/second, it would take 29 years to crack).
Brendan Long
2009-12-03 03:44:38
It "could" take 29 years to crack. It could also be cracked on the first try though. :) Also, there is no point in using sha512 vs md5 for what you're doing except md5 would be faster.
William
2009-12-03 03:49:27
It would be MUCH faster to crack this if the algorithm is known (or as simple as this is, guessed). By just using rand() to generate hashes, you're limiting yourself to as few as 32,768 possible passwords (on Windows). Reducing to 12 characters makes an already insecure password even less secure.
Dolph
2009-12-03 04:06:52
Yeah I realized that md5 would be the same, but I like sha512 :D It's mostly a joke. I thought the fixed the rand() on windows problem though..
Brendan Long
2009-12-03 04:10:56
+1
A:
I want to play the game. The simplest way would be to do:
function rand_passwd( $length = 8, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) {
return substr( str_shuffle( $chars ), 0, $length );
}
This is pretty much just a modification of the first answer. Specify the characters you want in the second parameters and the length of the password in the first.
William
2009-12-03 03:50:47
This is just a repeat comment that I posted in response to your comment on my answer: Simply using str_shuffle won't be as random, as you'll end up with zero or one "a", zero or one "b", zero or one "c", etc. You will never have repeat characters, which decreases the value significantly in my opinion.
Matt Huggins
2009-12-03 05:12:24
A:
Here's a simple solution. It will contain lowercase letters and numbers.
substr(str_shuffle(strtolower(sha1(rand() . time() . "my salt string"))),0, $PASSWORD_LENGTH);
Here's A stronger solution randomly generates the character codes in the desired character range for a random length within a desired range.
function generateRandomPassword() {
//Initialize the random password
$password = '';
//Initialize a random desired length
$desired_length = rand(8, 12);
for($length = 0; $length < $desired_length; $length++) {
//Append a random ASCII character (including symbols)
$password .= chr(rand(32, 126));
}
return $password;
}
Dolph
2009-12-03 04:03:39
A:
I wrote one some time ago. It's not random though. It generates passwords based on hashes of inputs you choose. It might be more useful than a truly random password generator. --> http://trashb.in/pwgen
The implementation of the password generation is in Javascript, so it doesn't post any of your details to me. Feel free to use it and/or grab the code.
donaq
2009-12-03 04:07:56
A:
You could just use PEAR's Text_Password package - it supports quite a few algorithms for generating them; and frees up your time to go onto something else.
kguest
2009-12-03 08:42:40