Generating Random Passwords

Question

When a user on our site loses his password and heads off to the Lost Password page we need to give him a new temporary password  I don t really mind how random this is  or if it matches all the  needed  strong password rules  all I want to do is give them a password that they can change later   The application is a Web application written in C   so I was thinking of being mean and going for the easy route of using part of a Guid  i e   Guid NewGuid   ToString  d   Substring 1 8    Suggesstions  thoughts

User · Answer

I like to look at generating passwords  just like generating software keys   You should choose from an array of characters that follow a good practice   Take what  Radu094 answered with and modify it to follow good practice   Don t put every single letter in the character array   Some letters are harder to say or understand over the phone   You should also consider using a checksum on the password that was generated to make sure that it was generated by you   A good way of accomplishing this is to use the LUHN algorithm

User · Answer

Generate random password of specified length with    - Special characters      - Number   - Lowecase   - Uppercase    public static string CreatePassword int length   12                const string lower    abcdefghijklmnopqrstuvwxyz           const string upper    ABCDEFGHIJKLMNOPQRSTUVWXYZ           const string number    1234567890           const string special           amp              var middle   length   2          StringBuilder res   new StringBuilder            Random rnd   new Random            while  0  lt  length--                        if  middle    length                                res Append number rnd Next number Length                               else if  middle - 1    length                                res Append special rnd Next special Length                               else                               if  length   2    0                                        res Append lower rnd Next lower Length                                       else                                       res Append upper rnd Next upper Length                                                       return res ToString

User · Answer

The main goals of my code are    The distribution of strings is almost uniform  don t care about minor deviations  as long as they re small  It outputs more than a few billion strings for each argument set  Generating an 8 character string   47 bits of entropy  is meaningless if your PRNG only generates 2 billion  31 bits of entropy  different values  It s secure  since I expect people to use this for passwords or other security tokens    The first property is achieved by taking a 64 bit value modulo the alphabet size  For small alphabets  such as the 62 characters from the question  this leads to negligible bias  The second and third property are achieved by using RNGCryptoServiceProvider instead of System Random   using System  using System Security Cryptography   public static string GetRandomAlphanumericString int length        const string alphanumericCharacters            ABCDEFGHIJKLMNOPQRSTUVWXYZ             abcdefghijklmnopqrstuvwxyz             0123456789       return GetRandomString length  alphanumericCharacters      public static string GetRandomString int length  IEnumerable lt char gt  characterSet        if  length  lt  0          throw new ArgumentException  length must not be negative    length        if  length  gt  int MaxValue   8     250 million chars ought to be enough for anybody         throw new ArgumentException  length is too big    length        if  characterSet    null          throw new ArgumentNullException  characterSet        var characterArray   characterSet Distinct   ToArray        if  characterArray Length    0          throw new ArgumentException  characterSet must not be empty    characterSet         var bytes   new byte length   8       new RNGCryptoServiceProvider   GetBytes bytes       var result   new char length       for  int i   0  i  lt  length  i                  ulong value   BitConverter ToUInt64 bytes  i   8           result i    characterArray value    uint characterArray Length             return new string result        This is a copy of my answer to How can I generate random 8 character  alphanumeric strings in C

User · Answer

This is a lot larger  but I think it looks a little more comprehensive  http   www obviex com Samples Password aspx                                                                                     SAMPLE  Generates random password  which complies with the strong password            rules and does not contain ambiguous characters        To run this sample  create a new Visual C  project using the Console    Application template and replace the contents of the Class1 cs file with    the code below        THIS CODE AND INFORMATION IS PROVIDED  AS IS  WITHOUT WARRANTY OF ANY KIND     EITHER EXPRESSED OR IMPLIED  INCLUDING BUT NOT LIMITED TO THE IMPLIED    WARRANTIES OF MERCHANTABILITY AND OR FITNESS FOR A PARTICULAR PURPOSE         Copyright  C  2004 Obviex TM   All rights reserved      using System  using System Security Cryptography        lt summary gt      This class can generate random passwords  which do not include ambiguous      characters  such as I  l  and 1  The generated password will be made of     7-bit ASCII symbols  Every four characters will include one lower case     character  one upper case character  one number  and one special symbol      such as      in a random order  The password will always start with an     alpha-numeric character  it will not start with a special symbol  we do     this because some back-end systems do not like certain special     characters in the first position        lt  summary gt  public class RandomPassword          Define default min and max password lengths      private static int DEFAULT MIN PASSWORD LENGTH    8      private static int DEFAULT MAX PASSWORD LENGTH    10          Define supported password characters divided into groups         You can add  or remove  characters to  from  these groups      private static string PASSWORD CHARS LCASE     abcdefgijkmnopqrstwxyz       private static string PASSWORD CHARS UCASE     ABCDEFGHJKLMNPQRSTWXYZ       private static string PASSWORD CHARS NUMERIC   23456789       private static string PASSWORD CHARS SPECIAL     -    amp                    lt summary gt          Generates a random password           lt  summary gt           lt returns gt          Randomly generated password           lt  returns gt           lt remarks gt          The length of the generated password will be determined at         random  It will be no shorter than the minimum default and         no longer than maximum default           lt  remarks gt      public static string Generate                 return Generate DEFAULT MIN PASSWORD LENGTH                           DEFAULT MAX PASSWORD LENGTH                   lt summary gt          Generates a random password of the exact length           lt  summary gt           lt param name  length  gt          Exact password length           lt  param gt           lt returns gt          Randomly generated password           lt  returns gt      public static string Generate int length                return Generate length  length                   lt summary gt          Generates a random password           lt  summary gt           lt param name  minLength  gt          Minimum password length           lt  param gt           lt param name  maxLength  gt          Maximum password length           lt  param gt           lt returns gt          Randomly generated password           lt  returns gt           lt remarks gt          The length of the generated password will be determined at         random and it will fall with the range determined by the         function parameters           lt  remarks gt      public static string Generate int   minLength                                    int   maxLength                   Make sure that input parameters are valid          if  minLength  lt   0    maxLength  lt   0    minLength  gt  maxLength              return null              Create a local array containing supported password characters            grouped by types  You can remove character groups from this            array  but doing so will weaken the password strength          char     charGroups   new char                            PASSWORD CHARS LCASE ToCharArray                PASSWORD CHARS UCASE ToCharArray                PASSWORD CHARS NUMERIC ToCharArray                PASSWORD CHARS SPECIAL ToCharArray                          Use this array to track the number of unused characters in each            character group          int   charsLeftInGroup   new int charGroups Length               Initially  all characters in each group are not used          for  int i 0  i lt charsLeftInGroup Length  i                charsLeftInGroup i    charGroups i  Length              Use this array to track  iterate through  unused character groups          int   leftGroupsOrder   new int charGroups Length               Initially  all character groups are not used          for  int i 0  i lt leftGroupsOrder Length  i                leftGroupsOrder i    i              Because we cannot use the default randomizer  which is based on the            current time  it will produce the same  random  number within a            second   we will use a random number generator to seed the            randomizer              Use a 4-byte array to fill it with random bytes and convert it then            to an integer value          byte   randomBytes   new byte 4               Generate 4 random bytes          RNGCryptoServiceProvider rng   new RNGCryptoServiceProvider            rng GetBytes randomBytes               Convert 4 bytes into a 32-bit integer value          int seed   BitConverter ToInt32 randomBytes  0               Now  this is real randomization          Random  random    new Random seed               This array will hold password characters          char   password   null              Allocate appropriate memory for the password          if  minLength  lt  maxLength              password   new char random Next minLength  maxLength 1            else             password   new char minLength               Index of the next character to be added to password          int nextCharIdx              Index of the next character group to be processed          int nextGroupIdx              Index which will be used to track not processed character groups          int nextLeftGroupsOrderIdx              Index of the last non-processed character in a group          int lastCharIdx              Index of the last non-processed group          int lastLeftGroupsOrderIdx   leftGroupsOrder Length - 1              Generate password characters one at a time          for  int i 0  i lt password Length  i                             If only one character group remained unprocessed  process it                 otherwise  pick a random character group from the unprocessed                group list  To allow a special character to appear in the                first position  increment the second parameter of the Next                function call by one  i e  lastLeftGroupsOrderIdx   1              if  lastLeftGroupsOrderIdx    0                  nextLeftGroupsOrderIdx   0              else                 nextLeftGroupsOrderIdx   random Next 0                                                        lastLeftGroupsOrderIdx                   Get the actual index of the character group  from which we will                pick the next character              nextGroupIdx   leftGroupsOrder nextLeftGroupsOrderIdx                   Get the index of the last unprocessed characters in this group              lastCharIdx   charsLeftInGroup nextGroupIdx  - 1                  If only one unprocessed character is left  pick it  otherwise                 get a random character from the unused character list              if  lastCharIdx    0                  nextCharIdx   0              else                 nextCharIdx   random Next 0  lastCharIdx 1                   Add this character to the password              password i    charGroups nextGroupIdx  nextCharIdx                   If we processed the last character in this group  start over              if  lastCharIdx    0                  charsLeftInGroup nextGroupIdx                                               charGroups nextGroupIdx  Length                 There are more unprocessed characters left              else                                  Swap processed character with the last unprocessed character                    so that we don t pick it until we process all characters in                    this group                  if  lastCharIdx    nextCharIdx                                        char temp   charGroups nextGroupIdx  lastCharIdx                       charGroups nextGroupIdx  lastCharIdx                                     charGroups nextGroupIdx  nextCharIdx                       charGroups nextGroupIdx  nextCharIdx    temp                                       Decrement the number of unprocessed characters in                    this group                  charsLeftInGroup nextGroupIdx --                                If we processed the last group  start all over              if  lastLeftGroupsOrderIdx    0                  lastLeftGroupsOrderIdx   leftGroupsOrder Length - 1                 There are more unprocessed groups left              else                                  Swap processed group with the last unprocessed group                    so that we don t pick it until we process all groups                  if  lastLeftGroupsOrderIdx    nextLeftGroupsOrderIdx                                        int temp   leftGroupsOrder lastLeftGroupsOrderIdx                       leftGroupsOrder lastLeftGroupsOrderIdx                                     leftGroupsOrder nextLeftGroupsOrderIdx                       leftGroupsOrder nextLeftGroupsOrderIdx    temp                                       Decrement the number of unprocessed groups                  lastLeftGroupsOrderIdx--                                      Convert password characters into a string and return the result          return new string password                  lt summary gt      Illustrates the use of the RandomPassword class       lt  summary gt  public class RandomPasswordTest            lt summary gt          The main entry point for the application           lt  summary gt       STAThread      static void Main string   args                   Print 100 randomly generated passwords  8-to-10 char long           for  int i 0  i lt 100  i                Console WriteLine RandomPassword Generate 8  10                  END OF FILE

User · Answer

On my website I use this method         Symb array     private const string  SymbolsAll             amp       -                gt   lt           Random symb     public string GetSymbol int Length                Random Rand   new Random DateTime Now Millisecond           StringBuilder result   new StringBuilder            for  int i   0  i  lt  Length  i                result Append  SymbolsAll Rand Next 0   SymbolsAll Length             return result ToString            Edit string  SymbolsAll for your array list

User · Answer

Insert a Timer  timer1  2 buttons  button1  button2  1 textBox  textBox1  and a comboBox  comboBox1  Make sure you declare   int count   0      Source Code    private void button1 Click object sender  EventArgs e               This clears the textBox  resets the count  and starts the timer         count   0          textBox1 Clear            timer1 Start               private void timer1 Tick object sender  EventArgs e               This generates the password  and types it in the textBox         count    1              string possible    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890               string psw                   Random rnd   new Random                  psw    possible rnd Next possible Length                textBox1 Text    psw              if  count     comboBox1 SelectedIndex   1                                 timer1 Stop                            private void Form1 Load object sender  EventArgs e                   This adds password lengths to the comboBox to choose from          comboBox1 Items Add  1            comboBox1 Items Add  2            comboBox1 Items Add  3            comboBox1 Items Add  4            comboBox1 Items Add  5            comboBox1 Items Add  6            comboBox1 Items Add  7            comboBox1 Items Add  8            comboBox1 Items Add  9            comboBox1 Items Add  10            comboBox1 Items Add  11            comboBox1 Items Add  12              private void button2 click object sender  EventArgs e                   This encrypts the password         tochar   textBox1 Text          textBox1 Clear            char   carray   tochar ToCharArray            for  int i   0  i  lt  carray Length  i                          int num   Convert ToInt32 carray i     10              string cvrt   Convert ToChar num  ToString                textBox1 Text    cvrt

User · Answer

I created this method similar to the available in the membership provider  This is usefull if you don t want to add the web reference in some applications   It works great   public static string GeneratePassword int Length  int NonAlphaNumericChars                string allowedChars    abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789           string allowedNonAlphaNum           amp     -         lt  gt                Random rd   new Random             if  NonAlphaNumericChars  gt  Length    Length  lt   0    NonAlphaNumericChars  lt  0              throw new ArgumentOutOfRangeException                 char   pass   new char Length               int   pos   new int Length               int i   0  j   0  temp   0              bool flag   false                 Random the position values of the pos array for the string Pass             while  i  lt  Length - 1                                j   0                  flag   false                  temp   rd Next 0  Length                   for  j   0  j  lt  Length  j                        if  temp    pos j                                                 flag   true                          j   Length                                         if   flag                                        pos i    temp                      i                                                   Random the AlphaNumericChars             for  i   0  i  lt  Length - NonAlphaNumericChars  i                    pass i    allowedChars rd Next 0  allowedChars Length                   Random the NonAlphaNumericChars             for  i   Length - NonAlphaNumericChars  i  lt  Length  i                    pass i    allowedNonAlphaNum rd Next 0  allowedNonAlphaNum Length                   Set the sorted array values by the pos array for the rigth posistion             char   sorted   new char Length               for  i   0  i  lt  Length  i                    sorted i    pass pos i                 string Pass   new String sorted                return Pass

User · Answer

public string Sifre Uret int boy  int noalfa             01 03 2016           Genel ama  li sifre   retme fonksiyonu         Fonskiyon 128 den b  y  k olmasina izin vermiyor      if  boy  gt  128     boy   128        if  noalfa  gt  128    noalfa   128        if  noalfa  gt  boy    noalfa   boy          string passch   System Web Security Membership GeneratePassword boy  noalfa          URL encoding ve Url Pass   json sorunu yaratabilecekler pass ediliyor        Microsoft Garanti etmiyor  Alfa Sayisallar Olabiliyorimis          amp     -         lt  gt             https   msdn microsoft com tr-tr library system web security membership generatepassword v vs 110  aspx         URL ve Json ajax lar i  in filtreleme     passch   passch Replace       z        passch   passch Replace       W        passch   passch Replace       t        passch   passch Replace        r        passch   passch Replace                passch   passch Replace        e         passch   passch Replace       9        passch   passch Replace   amp     8        passch   passch Replace       D        passch   passch Replace       u        passch   passch Replace       4        passch   passch Replace       1         passch   passch Replace       2        passch   passch Replace       3        passch   passch Replace       g        passch   passch Replace       J            passch   passch Replace       6          passch   passch Replace       0          passch   passch Replace       p          passch   passch Replace       4          passch   passch Replace       u          passch   passch Replace       Z          passch   passch Replace       5          passch   passch Replace       a         passch   passch Replace       V        passch   passch Replace       N        passch   passch Replace       w        passch   passch Replace  -    7             return passch

User · Answer

Here Is what i put together quickly        public string GeneratePassword int len                string res               Random rnd   new Random            while  res Length  lt  len  res     new Func lt Random  string gt   r    gt                char c    char   r Next 123    DateTime Now Millisecond   123                 return  Char IsLetterOrDigit c     c ToString                      rnd           return res

User · Answer

There s always System Web Security Membership GeneratePassword int length  int numberOfNonAlphanumericCharacters

User · Answer

I ll add another ill-advised answer to the pot   I have a use case where I need random passwords for machine-machine communication  so I don t have any requirement for human readability  I also don t have access to Membership GeneratePassword in my project  and don t want to add the dependency   I am fairly certain Membership GeneratePassword is doing something similar to this  but here you can tune the pools of characters to draw from   public static class PasswordGenerator       private readonly static Random  rand   new Random         public static string Generate int length   24                const string lower    abcdefghijklmnopqrstuvwxyz           const string upper    ABCDEFGHIJKLMNOPQRSTUVWXYZ           const string number    1234567890           const string special           amp   -                 Get cryptographically random sequence of bytes         var bytes   new byte length           new RNGCryptoServiceProvider   GetBytes bytes               Build up a string using random bytes and character classes         var res   new StringBuilder            foreach byte b in bytes                           Randomly select a character class for each byte             switch   rand Next 4                                    In each case use mod to project byte b to the correct range                 case 0                      res Append lower b   lower Count                          break                  case 1                      res Append upper b   upper Count                          break                  case 2                      res Append number b   number Count                          break                  case 3                      res Append special b   special Count                          break                                  return res ToString              And some example output   PasswordGenerator Generate 12   pzY 64 -ChS    BG0OsyLbYnI    l9 5 2 amp adj i      Ws9d  O X   IWhdIN-  amp O s    To preempt complaints about the use of Random  The primary source of randomness is still the crypto RNG  Even if you could deterministically preordain the sequence coming out of Random  say it only produced 1  you still wouldn t know the next char that would be picked  though that would limit the range of possibilities    One simple extension would be to add weighting to the different character sets  which could be as simple as upping the max value and adding fall-through cases to increase weight   switch   rand Next 6            Prefer letters 2 1     case 0      case 1          res Append lower b   lower Count              break      case 2      case 3          res Append upper b   upper Count              break      case 4          res Append number b   number Count              break      case 5          res Append special b   special Count              break      For a more humanistic random password generator I once implemented a prompt system using the EFF dice-word list

User · Answer

check this code    I added the  remove length  to improve anaximander s response  public string GeneratePassword int length                 RNGCryptoServiceProvider cryptRNG   new RNGCryptoServiceProvider            byte   tokenBuffer   new byte length           cryptRNG GetBytes tokenBuffer           return Convert ToBase64String tokenBuffer  Remove length

User · Answer

This package allows you to generate a random password while fluently indicating which characters it should contain  if needed    https   github com prjseal PasswordGenerator   Example   var pwd   new Password   IncludeLowercase   IncludeUppercase   IncludeSpecial    var password   pwd Next

User · Answer

This is short and it works great for me   public static string GenerateRandomCode int length        Random rdm   new Random        StringBuilder sb   new StringBuilder         for int i   0  i  lt  length  i            sb Append Convert ToChar rdm Next 101 132          return sb ToString

User · Answer

validChars can be any construct  but I decided to select based on ascii code ranges removing control chars  In this example  it is a 12 character string    string validChars   String Join     Enumerable Range 33   126 - 33   Where i   gt    new int     34  38  39  44  60  62  96    Contains i   Select i   gt    return  char i       string Join     Enumerable Range 1  12  Select i   gt    return validChars  new Random Guid NewGuid   GetHashCode     Next 0  validChars Length - 1

User · Answer

Added some supplemental code to the accepted answer   It improves upon answers just using Random and allows for some password options   I also liked some of the options from the KeePass answer but did not want to include the executable in my solution   private string RandomPassword int length  bool includeCharacters  bool includeNumbers  bool includeUppercase  bool includeNonAlphaNumericCharacters  bool includeLookAlikes        if  length  lt  8    length  gt  128  throw new ArgumentOutOfRangeException  length        if   includeCharacters  amp  amp   includeNumbers  amp  amp   includeNonAlphaNumericCharacters  throw new ArgumentException  RandomPassword-Key arguments all false  no values would be returned         string pw           do               pw    System Web Security Membership GeneratePassword 128  25           pw   RemoveCharacters pw  includeCharacters  includeNumbers  includeUppercase  includeNonAlphaNumericCharacters  includeLookAlikes         while  pw Length  lt  length        return pw Substring 0  length      private string RemoveCharacters string passwordString  bool includeCharacters  bool includeNumbers  bool includeUppercase  bool includeNonAlphaNumericCharacters  bool includeLookAlikes        if   includeCharacters                var remove   new string      a    b    c    d    e    f    g    h    i    j    k    l    m    n    o    p    q    r    s    t    u    v    w    x    y    z             foreach  string r in remove                        passwordString   passwordString Replace r  string Empty               passwordString   passwordString Replace r ToUpper    string Empty                        if   includeNumbers                var remove   new string      0    1    2    3    4    5    6    7    8    9             foreach  string r in remove              passwordString   passwordString Replace r  string Empty              if   includeUppercase          passwordString   passwordString ToLower         if   includeNonAlphaNumericCharacters                var remove   new string                                     amp                    -                                                             lt      gt                             foreach  string r in remove              passwordString   passwordString Replace r  string Empty              if   includeLookAlikes                var remove   new string                0    O    o    1    i    I    l                                 foreach  string r in remove              passwordString   passwordString Replace r  string Empty              return passwordString      This was the first link when I searched for generating random passwords and the following is out of scope for the current question but might be important to consider      Based upon the assumption that System Web Security Membership GeneratePassword is cryptographically secure with a minimum of 20  of the characters being Non-Alphanumeric  Not sure if removing characters and appending strings is considered good practice in this case and provides enough entropy  Might want to consider implementing in some way with SecureString for secure password storage in memory

User · Answer

I don t like the passwords that Membership GeneratePassword   creates  as they re too ugly and have too many special characters   This code generates a 10 digit not-too-ugly password   string password   Guid NewGuid   ToString  N   ToLower                          Replace  1       Replace  o       Replace  0                             Substring 0 10     Sure  I could use a Regex to do all the replaces but this is more readable and maintainable IMO

User · Answer

public string CreatePassword int length            const string valid    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890           StringBuilder res   new StringBuilder            Random rnd   new Random            while  0  lt  length--                        res Append valid rnd Next valid Length                       return res ToString        This has a good benefit of being able to choose from a list of available characters for the generated password  e g  digits only  only uppercase or only lowercase etc

User · Answer

I ve always been very happy with the password generator built-in to KeePass   Since KeePass is a  Net program  and open source  I decided to dig around the code a bit   I ended up just referncing KeePass exe  the copy provided in the standard application install  as a reference in my project and writing the code below   You can see how flexible it is thanks to KeePass   You can specify length  which characters to include not include  etc     using KeePassLib Cryptography PasswordGenerator  using KeePassLib Security    public static string GeneratePassword int passwordLength  bool lowerCase  bool upperCase  bool digits          bool punctuation  bool brackets  bool specialAscii  bool excludeLookAlike                var ps   new ProtectedString            var profile   new PwProfile            profile CharSet   new PwCharSet            profile CharSet Clear             if  lowerCase              profile CharSet AddCharSet  l            if upperCase              profile CharSet AddCharSet  u            if digits              profile CharSet AddCharSet  d            if  punctuation              profile CharSet AddCharSet  p            if  brackets              profile CharSet AddCharSet  b            if  specialAscii              profile CharSet AddCharSet  s             profile ExcludeLookAlike   excludeLookAlike          profile Length    uint passwordLength          profile NoRepeatingCharacters   true           KeePassLib Cryptography PasswordGenerator PwGenerator Generate out ps  profile  null   pool            return ps ReadString

User · Answer

public static string GeneratePassword int passLength            var chars    abcdefghijklmnopqrstuvwxyz    amp ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789           var random   new Random            var result   new string              Enumerable Repeat chars  passLength                         Select s   gt  s random Next s Length                           ToArray             return result

User · Answer

I know that this is an old thread  but I have what might be a fairly simple solution for someone to use  Easy to implement  easy to understand  and easy to validate   Consider the following requirement      I need a random password to be generated which has at least 2 lower-case letters  2 upper-case letters and 2 numbers  The password must also be a minimum of 8 characters in length    The following regular expression can validate this case        b w  a-z    a-z  w  b     b w  A-Z    A-Z  w  b     b w  0-9    0-9  w  b  a-zA-Z0-9  8      It s outside the scope of this question - but the regex is based on lookahead lookbehind and lookaround   The following code will create a random set of characters which match this requirement   public static string GeneratePassword int lowercase  int uppercase  int numerics        string lowers    abcdefghijklmnopqrstuvwxyz       string uppers    ABCDEFGHIJKLMNOPQRSTUVWXYZ       string number    0123456789        Random random   new Random         string generated            for  int i   1  i  lt   lowercase  i            generated   generated Insert              random Next generated Length                lowers random Next lowers Length - 1   ToString                   for  int i   1  i  lt   uppercase  i            generated   generated Insert              random Next generated Length                uppers random Next uppers Length - 1   ToString                   for  int i   1  i  lt   numerics  i            generated   generated Insert              random Next generated Length                number random Next number Length - 1   ToString                   return generated Replace      string Empty        To meet the above requirement  simply call the following   String randomPassword   GeneratePassword 3  3  3     The code starts with an invalid character       - so that the string has a length into which new characters can be injected   It then loops from 1 to the   of lowercase characters required  and on each iteration  grabs a random item from the lowercase list  and injects it at a random location in the string   It then repeats the loop for uppercase letters and for numerics   This gives you back strings of length   lowercase   uppercase   numerics into which lowercase  uppercase and numeric characters of the count you want have been placed in a random order

User · Answer

I use this code for generate password with balance composition of alphabet  numeric and non alpha numeric chars      public static string GeneratePassword int Length  int NonAlphaNumericChars                string allowedChars    abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789           string allowedNonAlphaNum           amp     -         lt  gt                string pass               Random rd   new Random DateTime Now Millisecond           for  int i   0  i  lt  Length  i                          if  rd Next 1   gt  0  amp  amp  NonAlphaNumericChars  gt  0                                pass    allowedNonAlphaNum rd Next allowedNonAlphaNum Length                    NonAlphaNumericChars--                            else                               pass    allowedChars rd Next allowedChars Length                                    return pass

User · Answer

I created this class that uses RNGCryptoServiceProvider and it is flexible  Example   var generator   new PasswordGenerator minimumLengthPassword  8                                        maximumLengthPassword  15                                        minimumUpperCaseChars  2                                        minimumNumericChars  3                                        minimumSpecialChars  2   string password   generator Generate

User · Answer

If you want to make use of the cryptographically secure random number generation used by System Web Security Membership GeneratePassword but also want to restrict the character set to alphanumeric characters  you can filter the result with a regex   static string GeneratePassword int characterCount        string password   String Empty      while password Length  lt  characterCount          password    Regex Replace System Web Security Membership GeneratePassword 128  0      a-zA-Z0-9    string Empty       return password Substring 0  characterCount

User · Answer

For this sort of password  I tend to use a system that s likely to generate more easily  used  passwords  Short  often made up of pronouncable fragments and a few numbers  and with no intercharacter ambiguity  is that a 0 or an O  A 1 or an I    Something like  string   words      bur    ler    meh    ree     string word        Random rnd   new Random    for  i   0  i  lt  3  i       word    words rnd Next words length    int numbCount   rnd Next 4   for  i   0  i  lt  numbCount  i      word     2   rnd Next 7   ToString     return word     Typed right into the browser  so use only as guidelines  Also  add more words

User · Answer

public string GenerateToken int length        using  RNGCryptoServiceProvider cryptRNG   new RNGCryptoServiceProvider                  byte   tokenBuffer   new byte length           cryptRNG GetBytes tokenBuffer           return Convert ToBase64String tokenBuffer              You could also have the class where this method lives implement IDisposable  hold a reference to the RNGCryptoServiceProvider  and dispose of it properly  to avoid repeatedly instantiating it    It s been noted that as this returns a base-64 string  the output length is always a multiple of 4  with the extra space using   as a padding character  The length parameter specifies the length of the byte buffer  not the output string  and is therefore perhaps not the best name for that parameter  now I think about it   This controls how many bytes of entropy the password will have  However  because base-64 uses a 4-character block to encode each 3 bytes of input  if you ask for a length that s not a multiple of 3  there will be some extra  space   and it ll use   to fill the extra   If you don t like using base-64 strings for any reason  you can replace the Convert ToBase64String   call with either a conversion to regular string  or with any of the Encoding methods  eg  Encoding UTF8 GetString tokenBuffer  - just make sure you pick a character set that can represent the full range of values coming out of the RNG  and that produces characters that are compatible with wherever you re sending or storing this  Using Unicode  for example  tends to give a lot of Chinese characters  Using base-64 guarantees a widely-compatible set of characters  and the characteristics of such a string shouldn t make it any less secure as long as you use a decent hashing algorithm

[c#] Generating Random Passwords

Examples related to c#

Examples related to passwords

Examples related to random