Solved

Need Help With C# Password Generator

Posted on 2011-03-16
8
626 Views
Last Modified: 2013-12-17
We are starting to have too many machines to manage passwords for (Linux machines) and instead of using the same root password for everything, we want to generate passwords based on the following formula:

Seed Text + Fully Qualified Domain Name of Machine = Compliant Password

A compliant password under company policy is basically:
start with a letter (upper or lower case)
have at least 1 upper case letter
have at least 1 lower case letter
have at least 1 number
have at least 1 symbol
be at least 8 characters in length

My goal is to have a small GUI that can generate the same compliant password for a machine if the seed, and FQDN remain a constant.  That way when we are cycling passwords we can just type in a new seed, and be all set.  No more remembering passwords etc...  I have the form designed, and I just need the code to actually generate the password.  I will give the user credit in the About box under their name of choice ;)

Thanks

PS: I am using Visual Studio 2010 Team Edition if that makes any difference.
0
Comment
Question by:NewMacAdmin
  • 5
  • 3
8 Comments
 

Author Comment

by:NewMacAdmin
Comment Utility
Correction: A compliant password meets these requirements:
# Password contains at least eight non-blank characters, provided such passwords are allowed by the operating system or application.
# Password contains a combination of letters (a mixture of upper and lowercase), numbers, and at least one special character within the first seven positions, provided such passwords are allowed by the operating system or application.
# Password contains a nonnumeric in the first and last position.
# Password does not contain the user ID.
# Password does not include the user’s own or, to the best of his/her knowledge, close friends or relatives names, employee serial number, Social Security number, birth date, phone number, or any information about him/her that the user believes could be readily learned or guessed.
# Password does not, to the best of the user’s knowledge, include common words that would be in an English dictionary, or from another language with which the user has familiarity.
# Password does not, to the best of the user’s knowledge, employ commonly used proper names, including the name of any fictional character or place.
# Password does not contain any simple pattern of letters or numbers, such as “qwertyxx” or “xyz123xx.”

It still must be derived from the two text boxes containing Seed and FQDN

Thanks
0
 
LVL 10

Accepted Solution

by:
Mathiyazhagan earned 500 total points
Comment Utility
I have tried a sample with following constaints :
  1. start with a letter (upper or lower case)
  2.have at least 1 upper case letter
  3.have at least 1 lower case letter
  4.have at least 1 number
  5.have at least 1 symbol
  6.be at least 8 characters in length
  7.generate the same compliant password for a machine if the seed, and FQDN remain a constant
  8.It still must be derived from the  Seed and FQDN values

The given method generates the password base on seed, FQDN and max password length  .you can invoke thise
like,
      sPassword = GetCompliantPassword("may", "chnvsbt0033pc.in002.test.net", 8);

I am not  doing this :
# Password does not include the user’s own or, to the best of his/her knowledge, close friends or relatives names, employee serial number, Social Security number, birth date, phone number, or any information about him/her that the user believes could be readily learned or guessed
# Password does not, to the best of the user’s knowledge, include common words that would be in an English dictionary, or from another language with which the user has familiarity.
# Password does not, to the best of the user’s knowledge, employ commonly used proper names, including the name of any fictional character or place.
- as above all are change to person to person,language to languageand user knowledge.
still tou can do this in invoking place like :

            List<string> lstNotAlowed = new List<string>();
            lstNotAlowed.Add("is123456"); //emp code
            lstNotAlowed.Add("mathiksm"); //use name
            lstNotAlowed.Add("qwertyxx"); //easy password
            lstNotAlowed.Add("admin"); //fictional charcter
            bool isValidPassword = false;
            string sPassword = "";
            while (!isValidPassword)
            {
                sPassword = GetCompliantPassword("may", "chnvsbt0033pc.in002.test.net", 8);
                if (!lstNotAlowed.Contains(sPassword))
                    isValidPassword = true;
              else
              {
                  //change key seed like may0 and call the same method again until get correct password
              }
            }
            Console.WriteLine("Valid Password =" + sPassword);
private string  GetCompliantPassword(string sSeed, string sFQDN, int iMaxLength )
        {
            string newseed = sSeed + sFQDN;
            int iSeed = 0;
            foreach ( char ch  in newseed.ToCharArray() )
            {
                iSeed += ch;
            }
            Random rnd = new Random(iSeed);
            string sPassword = "";
            string sCharactersNotAllowed = ","; //add required charcters needed to be skip
            bool hasUpperCase, hasLowerCase, hasNumber, hasSymbol;
            hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            while (sPassword.Length != iMaxLength)
            {
                char ch = (char)rnd.Next(32, 126);
                if (sCharactersNotAllowed.IndexOf(ch) != -1)
                    continue;
                if (Char.IsUpper(ch) && !hasUpperCase)
                {
                    sPassword += ch;
                    hasUpperCase = true;
                }
                else if (Char.IsLower(ch) && !hasLowerCase)
                {
                    sPassword += ch;
                    hasLowerCase = true;
                }
                else if (sPassword.Length != 0 && sPassword.Length != iMaxLength-1)
                {
                    if (char.IsNumber(ch) && !hasNumber)
                    {
                        sPassword += ch;
                        hasNumber = true;
                    }
                    else if (Char.IsSymbol(ch) && !hasSymbol)
                    {
                        sPassword += ch;
                        hasSymbol = true;
                    }
                }
                if (sPassword.Length == iMaxLength - 1)
                {
                    hasUpperCase = hasLowerCase = false;
                }
                if (hasUpperCase && hasLowerCase && hasSymbol && hasNumber )
                    hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            }
            return sPassword;
        }

Open in new window

0
 
LVL 10

Assisted Solution

by:Mathiyazhagan
Mathiyazhagan earned 500 total points
Comment Utility
Oh , Forgot to explain logic in attached sample :

  1.we are creating a string by adding seed and FQDN
  2.we are generating inetger  seed vaue  by adding  ascii value of every character .
         foreach ( char ch  in newseed.ToCharArray() )
                 iSeed += ch;
     and creating random class with above seed
    3. genarating numbers, characters and symbol randomly  using their ascii values from 33 to 126
                char ch = (char)rnd.Next(32, 126);
         error in attcahed code. it should be has 33 as min malue
        refer here for ascii  values :http://ascii-table.com/ascii.php
   4.you can skip some of non os complaint those characted with in above range by adding them
        in   string "sCharactersNotAllowed "
   5. we are adding upper,lower, numbers and symbols as above uptp it meets max length.if we added
    a upper case character , we wont add it again until other types of character (lower, number,symbol) are added.
    we are doing the same all types inorder to get all kind od characters.
   
  6.we are skipping numbers and letters at first and last position


hope this form a required password as per your requirement.
   
 
         
0
 

Author Comment

by:NewMacAdmin
Comment Utility
Thanks for the code.  What do lines 42-50 do?
Also what name would you like to appear in the about box?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:NewMacAdmin
Comment Utility
Also the password HAS to START with a letter of any case
0
 
LVL 10

Assisted Solution

by:Mathiyazhagan
Mathiyazhagan earned 500 total points
Comment Utility
1.What do lines 42-50 do?
                if (sPassword.Length == iMaxLength - 1)
                {
                    hasUpperCase = hasLowerCase = false;
                }
        we have to skip symbol,numbers at last position. consider Max length = 8 and the generated password upto 7 characters is :  fF5+Nu> here, Uppercase and lowercase are filled and  then hasUpperCase = hasLowerCase  = true. so, it will skip uppper and lower case and we only have the chance of getting number and symbol.to avoid this situation, we have allow upper case and lower case to continue. so, we are making those values to false nad we are getting final password as fF5+Nu>J
            if (hasUpperCase && hasLowerCase && hasSymbol && hasNumber )
                    hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            }
if all the types are filled (all are true ) , we have to generate all those types again.so, we are making them as false.

2.Also the password HAS to START with a letter of any case

yes, it will either upper or lower case character first based on the seed.in our example,
GetCompliantPassword("apr", "chnvsbt0033pc.in002.test.net", 8) gives fF5+Nu>J
GetCompliantPassword("mar", "chnvsbt0033pc.in002.test.net", 8) gives R<s9N^cB

and finally , Also what name would you like to appear in the about box? :)
   Mathiyazhagan.KS

Thank you.
0
 

Author Comment

by:NewMacAdmin
Comment Utility
Ah ok. I may have misread something.  It is working perfectly.  Now I just need to make it so the software won't run outside our organization. (I have a good handle on that so far.)
0
 

Author Closing Comment

by:NewMacAdmin
Comment Utility
Worked perfectly.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Recently while returning home from work my wife (another .NET developer) was murmuring something. On further poking she said that she has been assigned a task where she has to serialize and deserialize objects and she is afraid of serialization. Wha…
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now