Avatar of Aleks
Aleks
Flag for United States of America asked on

password policy

I am currently generating a random password with the code below. We are implementing a password policy and I need to change the script that generates the password to match this password policy.

This is the current script:

Function generatePassword( passwordLength )
    Dim sDefaultChars
    Dim iCounter
    Dim sMyPassword
    Dim iPickedChar
    Dim iDefaultCharactersLength
    Dim iPasswordLength

    sDefaultChars="abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVXYZ0123456789"
    iPasswordLength=passwordLength
    iDefaultCharactersLength = Len(sDefaultChars) 

    Randomize 'initialize the random number generator

    For iCounter = 1 To iPasswordLength
        'Next pick a number from 1 to length of character set 
        iPickedChar = Int((iDefaultCharactersLength * Rnd) + 1) 

        'Next pick a character from the character set using the random number iPickedChar and Mid function
        sMyPassword = sMyPassword & Mid(sDefaultChars,iPickedChar,1)
    Next 

    generatePassword = sMyPassword
End Function

Open in new window


Password policy:

Mininum:

- 1 Upper case Alphabet
- 3 lower case alphabet
- 2 numbers
- 1 special character    ~!@#$%^+-
ASPWeb DevelopmentVB Script

Avatar of undefined
Last Comment
Aleks

8/22/2022 - Mon
Member_2_1001466

the easiest way is to use the generator as normal and validate the PW, if it fails, generate a new one, until the validation succeeds.
From you initial set, it seems that only upper and lowercase characters are possible. Add numbers and special characters as well to the string.
Aleks

ASKER
I rather have a script that generates the 10 digit code with the validation above.
Member_2_1001466

A lot of scripts do it the way I described earlier, as the position of special characters, numbers, upper and lower case is also random.
But you can put the validation into your generator:
Check, that it contains at least 1 upper case, at least 3 lower case, 2 numbers and 1 special char after you generated a random 10 char code. If it does not validate, start from scratch.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Member_2_1001466

To get a higher chance of generating it with the correct parts, generate a first random number between 0 and 1. If it is below 0.3, take a lower case, if it is between 0.3 and 0.4 take an upper case, between 0.4 and 0.5 take special char, between 0.5 and 0.7 a number and in the remaining case take any char from all possible chars.
Aleks

ASKER
Yeah .. I was asking for help with the actual script. I don't know VBscript  :$  and unfortunately learning will take time I don't have at the moment.
aikimark

Please try this.
Function generatePassword(passwordLength)
    Dim sDefaultChars
    Dim iCounter
    Dim sMyPassword
    Dim iPickedChar
    Dim iDefaultCharactersLength
    Dim iPasswordLength
    Dim UC_Count, LC_Count, Num_Count, Special_Count
    Dim TempPWD
    Dim boolAddit
    Static oRE
    Dim oMatches
    
    If passwordLength < 7 Then  '7 is min pwd length
        Error 5000
        Exit Function
    End If
    
    If IsEmpty(oRE) Then
        ReDim oRE(3)
        Set oRE(0) = CreateObject("vbscript.regexp")
        oRE(0).Global = True
        oRE(0).Pattern = "[A-Z]"
        Set oRE(1) = CreateObject("vbscript.regexp")
        oRE(1).Global = True
        oRE(1).Pattern = "[a-z]"
        Set oRE(2) = CreateObject("vbscript.regexp")
        oRE(2).Global = True
        oRE(2).Pattern = "[0-9]"
        Set oRE(3) = CreateObject("vbscript.regexp")
        oRE(3).Global = True
        oRE(3).Pattern = "[~!@#$%^+-]"
    End If

    sDefaultChars = "abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVXYZ0123456789~!@#$%^+-"
    iPasswordLength = passwordLength
    iDefaultCharactersLength = Len(sDefaultChars)

    Randomize 'initialize the random number generator

    Do
        'Next pick a character from the candidate list
        iPickedChar = Int((iDefaultCharactersLength * Rnd) + 1)
        TempPWD = sMyPassword & Mid(sDefaultChars, iPickedChar, 1)
        Set oMatches = oRE(0).Execute(TempPWD)
        UC_Count = oMatches.Count
        Set oMatches = oRE(1).Execute(TempPWD)
        LC_Count = oMatches.Count
        Set oMatches = oRE(2).Execute(TempPWD)
        Num_Count = oMatches.Count
        Set oMatches = oRE(3).Execute(TempPWD)
        Special_Count = oMatches.Count
        
        boolAddit = ((UC_Count <= 1) And (LC_Count <= 3) And (Num_Count <= 2) And (Special_Count <= 1))
        
        If Len(sMyPassword) < 7 Then
            If boolAddit Then
                sMyPassword = TempPWD
            End If
        Else
            sMyPassword = TempPWD
        End If
        
    Loop Until Len(sMyPassword) = iPasswordLength

    generatePassword = sMyPassword
End Function

Open in new window

Note: There are some weaknesses in the VB PRNG that I outlined in this article.
https://www.experts-exchange.com/articles/11114/An-Examination-of-Visual-Basic's-Random-Number-Generation.html

=================
The above solution probably isn't the most efficient, but I started with your code.  If starting from scratch, I probably would select random elements from each of the categories until I reached each of the category (min character) limit, continuing to pick random items until the desired password length had been met.  Then I would shuffle the items into the new password string.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
aikimark

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Aleks

ASKER
:)