?
Solved

Need Help With C# Password Generator

Posted on 2011-03-16
8
Medium Priority
?
646 Views
Last Modified: 2013-12-17
We are starting to have too many machines to manage passwords for (Linux machines) and instead of using the same root password for everything, we want to generate passwords based on the following formula:

Seed Text + Fully Qualified Domain Name of Machine = Compliant Password

A compliant password under company policy is basically:
start with a letter (upper or lower case)
have at least 1 upper case letter
have at least 1 lower case letter
have at least 1 number
have at least 1 symbol
be at least 8 characters in length

My goal is to have a small GUI that can generate the same compliant password for a machine if the seed, and FQDN remain a constant.  That way when we are cycling passwords we can just type in a new seed, and be all set.  No more remembering passwords etc...  I have the form designed, and I just need the code to actually generate the password.  I will give the user credit in the About box under their name of choice ;)

Thanks

PS: I am using Visual Studio 2010 Team Edition if that makes any difference.
0
Comment
Question by:NewMacAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:NewMacAdmin
ID: 35152310
Correction: A compliant password meets these requirements:
# Password contains at least eight non-blank characters, provided such passwords are allowed by the operating system or application.
# Password contains a combination of letters (a mixture of upper and lowercase), numbers, and at least one special character within the first seven positions, provided such passwords are allowed by the operating system or application.
# Password contains a nonnumeric in the first and last position.
# Password does not contain the user ID.
# Password does not include the user’s own or, to the best of his/her knowledge, close friends or relatives names, employee serial number, Social Security number, birth date, phone number, or any information about him/her that the user believes could be readily learned or guessed.
# Password does not, to the best of the user’s knowledge, include common words that would be in an English dictionary, or from another language with which the user has familiarity.
# Password does not, to the best of the user’s knowledge, employ commonly used proper names, including the name of any fictional character or place.
# Password does not contain any simple pattern of letters or numbers, such as “qwertyxx” or “xyz123xx.”

It still must be derived from the two text boxes containing Seed and FQDN

Thanks
0
 
LVL 10

Accepted Solution

by:
Mathiyazhagan earned 2000 total points
ID: 35154960
I have tried a sample with following constaints :
  1. start with a letter (upper or lower case)
  2.have at least 1 upper case letter
  3.have at least 1 lower case letter
  4.have at least 1 number
  5.have at least 1 symbol
  6.be at least 8 characters in length
  7.generate the same compliant password for a machine if the seed, and FQDN remain a constant
  8.It still must be derived from the  Seed and FQDN values

The given method generates the password base on seed, FQDN and max password length  .you can invoke thise
like,
      sPassword = GetCompliantPassword("may", "chnvsbt0033pc.in002.test.net", 8);

I am not  doing this :
# Password does not include the user’s own or, to the best of his/her knowledge, close friends or relatives names, employee serial number, Social Security number, birth date, phone number, or any information about him/her that the user believes could be readily learned or guessed
# Password does not, to the best of the user’s knowledge, include common words that would be in an English dictionary, or from another language with which the user has familiarity.
# Password does not, to the best of the user’s knowledge, employ commonly used proper names, including the name of any fictional character or place.
- as above all are change to person to person,language to languageand user knowledge.
still tou can do this in invoking place like :

            List<string> lstNotAlowed = new List<string>();
            lstNotAlowed.Add("is123456"); //emp code
            lstNotAlowed.Add("mathiksm"); //use name
            lstNotAlowed.Add("qwertyxx"); //easy password
            lstNotAlowed.Add("admin"); //fictional charcter
            bool isValidPassword = false;
            string sPassword = "";
            while (!isValidPassword)
            {
                sPassword = GetCompliantPassword("may", "chnvsbt0033pc.in002.test.net", 8);
                if (!lstNotAlowed.Contains(sPassword))
                    isValidPassword = true;
              else
              {
                  //change key seed like may0 and call the same method again until get correct password
              }
            }
            Console.WriteLine("Valid Password =" + sPassword);
private string  GetCompliantPassword(string sSeed, string sFQDN, int iMaxLength )
        {
            string newseed = sSeed + sFQDN;
            int iSeed = 0;
            foreach ( char ch  in newseed.ToCharArray() )
            {
                iSeed += ch;
            }
            Random rnd = new Random(iSeed);
            string sPassword = "";
            string sCharactersNotAllowed = ","; //add required charcters needed to be skip
            bool hasUpperCase, hasLowerCase, hasNumber, hasSymbol;
            hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            while (sPassword.Length != iMaxLength)
            {
                char ch = (char)rnd.Next(32, 126);
                if (sCharactersNotAllowed.IndexOf(ch) != -1)
                    continue;
                if (Char.IsUpper(ch) && !hasUpperCase)
                {
                    sPassword += ch;
                    hasUpperCase = true;
                }
                else if (Char.IsLower(ch) && !hasLowerCase)
                {
                    sPassword += ch;
                    hasLowerCase = true;
                }
                else if (sPassword.Length != 0 && sPassword.Length != iMaxLength-1)
                {
                    if (char.IsNumber(ch) && !hasNumber)
                    {
                        sPassword += ch;
                        hasNumber = true;
                    }
                    else if (Char.IsSymbol(ch) && !hasSymbol)
                    {
                        sPassword += ch;
                        hasSymbol = true;
                    }
                }
                if (sPassword.Length == iMaxLength - 1)
                {
                    hasUpperCase = hasLowerCase = false;
                }
                if (hasUpperCase && hasLowerCase && hasSymbol && hasNumber )
                    hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            }
            return sPassword;
        }

Open in new window

0
 
LVL 10

Assisted Solution

by:Mathiyazhagan
Mathiyazhagan earned 2000 total points
ID: 35155426
Oh , Forgot to explain logic in attached sample :

  1.we are creating a string by adding seed and FQDN
  2.we are generating inetger  seed vaue  by adding  ascii value of every character .
         foreach ( char ch  in newseed.ToCharArray() )
                 iSeed += ch;
     and creating random class with above seed
    3. genarating numbers, characters and symbol randomly  using their ascii values from 33 to 126
                char ch = (char)rnd.Next(32, 126);
         error in attcahed code. it should be has 33 as min malue
        refer here for ascii  values :http://ascii-table.com/ascii.php
   4.you can skip some of non os complaint those characted with in above range by adding them
        in   string "sCharactersNotAllowed "
   5. we are adding upper,lower, numbers and symbols as above uptp it meets max length.if we added
    a upper case character , we wont add it again until other types of character (lower, number,symbol) are added.
    we are doing the same all types inorder to get all kind od characters.
   
  6.we are skipping numbers and letters at first and last position


hope this form a required password as per your requirement.
   
 
         
0
Quick Cloud Training

Looking for some quick training on the cloud in 2 hours or less? Check out these how-to guides in AWS, Linux, OpenStack, Azure, and more!

 

Author Comment

by:NewMacAdmin
ID: 35157585
Thanks for the code.  What do lines 42-50 do?
Also what name would you like to appear in the about box?
0
 

Author Comment

by:NewMacAdmin
ID: 35157594
Also the password HAS to START with a letter of any case
0
 
LVL 10

Assisted Solution

by:Mathiyazhagan
Mathiyazhagan earned 2000 total points
ID: 35162689
1.What do lines 42-50 do?
                if (sPassword.Length == iMaxLength - 1)
                {
                    hasUpperCase = hasLowerCase = false;
                }
        we have to skip symbol,numbers at last position. consider Max length = 8 and the generated password upto 7 characters is :  fF5+Nu> here, Uppercase and lowercase are filled and  then hasUpperCase = hasLowerCase  = true. so, it will skip uppper and lower case and we only have the chance of getting number and symbol.to avoid this situation, we have allow upper case and lower case to continue. so, we are making those values to false nad we are getting final password as fF5+Nu>J
            if (hasUpperCase && hasLowerCase && hasSymbol && hasNumber )
                    hasUpperCase = hasLowerCase = hasSymbol = hasNumber = false;
            }
if all the types are filled (all are true ) , we have to generate all those types again.so, we are making them as false.

2.Also the password HAS to START with a letter of any case

yes, it will either upper or lower case character first based on the seed.in our example,
GetCompliantPassword("apr", "chnvsbt0033pc.in002.test.net", 8) gives fF5+Nu>J
GetCompliantPassword("mar", "chnvsbt0033pc.in002.test.net", 8) gives R<s9N^cB

and finally , Also what name would you like to appear in the about box? :)
   Mathiyazhagan.KS

Thank you.
0
 

Author Comment

by:NewMacAdmin
ID: 35166466
Ah ok. I may have misread something.  It is working perfectly.  Now I just need to make it so the software won't run outside our organization. (I have a good handle on that so far.)
0
 

Author Closing Comment

by:NewMacAdmin
ID: 35166479
Worked perfectly.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question