Password generator

[Jaze]

Makes sure one of each character type is in the password. All passwords contain an uppercase letter, a lowercase letter and an integer with the length give by the user. User must input which special characters are valid. No very user friendly. For example if you try to make a two character password, the program goes into an endless loop while it tries to find a password with an uppercase, lowercase and integer. If you add special characters, the password length has to be at least four. I like this better than chrome generating a password.

Code: QB64: [Select]

1. 'Creator: Jaze C McAskill
2.  
3. CONST FALSE = 0
4. CONST TRUE = 1
5.  
6. RANDOMIZE TIMER
7. CLS
8. PRINT "Special characters? ";
9. specialCharsYN$ = UCASE$(INPUT$(1))
10.  
11. characterSet$ = "" 'define the list of characters from which to make the password
12. FOR upperLower = 65 TO 64 + 26
13.     characterSet$ = characterSet$ + CHR$(upperLower) 'add upper case letters
14.     characterSet$ = characterSet$ + CHR$(upperLower + (96 - 64)) 'add lower case letters
15. NEXT
16.  
17. FOR integers = 48 TO 48 + 9
18.     characterSet$ = characterSet$ + CHR$(integers) 'add numbers
19. NEXT integers
20.  
21. IF specialCharsYN$ = "Y" THEN 'get special characters from user
22.     PRINT
23.     PRINT "Type in character set to use, <ENTER> to stop."
24.     another$ = ""
25.     DO
26.         characterSet$ = characterSet$ + another$ 'add provided special characters
27.         another$ = INPUT$(1): PRINT another$ + " ";
28.     LOOP UNTIL another$ = CHR$(13)
29. END IF
30.  
31. PRINT: PRINT
32. INPUT "Password length: "; pwlength
33.  
34. makePwAgain: 'place to return to if the password is missing an upper case, lower case, integer or special character
35. pw$ = "": newChar$ = ""
36.  
37. FOR pickAcharFromCharacterSet = 1 TO pwlength 'loop from 1 to the length of the password to be generated
38.     newChar$ = MID$(characterSet$, INT(RND * LEN(characterSet$) + 1), 1) 'pick a new character from the predefined set
39.     pw$ = pw$ + newChar$ 'add it to the password
40. NEXT
41.  
42. intInPw = FALSE '      used to make sure and integer is in the password
43. upperCaseInPw = FALSE ' same for upper case
44. lowerCaseInPw = FALSE ' lower case
45. specialCharInPw = FALSE ' special character
46.  
47. 'the specialChar checking is the one I can't see yet
48. FOR parsing = 1 TO LEN(pw$) 'check each character in the generated password to make sure one of each is there
49.     IF ASC(MID$(pw$, parsing, 1)) >= 65 AND ASC(MID$(pw$, parsing, 1)) < 65 + 26 THEN 'there is an uppercase letter
50.         upperCaseInPw = TRUE
51.     ELSEIF ASC(MID$(pw$, parsing, 1)) >= 96 AND ASC(MID$(pw$, parsing, 1)) < 96 + 65 THEN 'there is a lowercase letter
52.         lowerCaseInPw = TRUE
53.     ELSEIF VAL(MID$(pw$, parsing, 1)) >= 0 AND VAL(MID$(pw$, parsing, 1)) < 10 THEN 'there is an integer
54.         intInPw = TRUE
55.     END IF
56. NEXT parsing
57. 'program knows if pw$ has an int, an upper case and a lower case
58.  
59. IF specialCharsYN$ = "Y" THEN 'check to make sure a special character was added
60.     FOR parsing = (26 * 2 + 10) + 1 TO LEN(characterSet$) 'skip the uppercase, lowercase and integers in the set from wich the password is made
61.         ifThisCharIsInPW$ = MID$(characterSet$, parsing, 1) ' cycle throgh the special characters
62.         FOR parsing2 = 1 TO LEN(pw$)
63.             IF MID$(pw$, parsing2, 1) = ifThisCharIsInPW$ THEN specialCharInPw = TRUE
64.         NEXT parsing2
65.     NEXT parsing
66. ELSE
67.     specialCharInPw = TRUE
68. END IF
69.  
70. IF intInPw = FALSE OR upperCaseInPw = FALSE OR lowerCaseInPw = FALSE OR specialCharInPw = FALSE THEN GOTO makePwAgain
71. PRINT pw$

[NOVARSEG]

there are a few ways to think about passwords

the very short password - easy to remember but easy to guess
the moderately long password - a bit harder to remember but harder to guess.

The very long password - not possible to remember but virtually unbreakable

[Jaze]

I use this generator for all passwords. Of course, I write them down because I have about 60 accounts and a uniquely generated password for each. Most are 8 characters long, some are 10. Even with such a small number of characters, without brute force they are virtually unable to be hacked.

[doppler]

I use this generator for all passwords. Of course, I write them down because I have about 60 accounts and a uniquely generated password for each.

Can I suggest a way to save them.  Which doubles as a launcher too.  Since it's based on Java it runs everywhere.  I had it running on a raspberry PI too.  There is only 1 pass word needed to unencrypt password dragons password container.
https://www.passworddragon.com/

If you want to go the hardware dongle route, which allows portable secure passwords there is: https://www.themooltipass.com/
It uses a secure "cheap" passcard.  Again one 4 digit pass to know.

[OldMoses]

there are a few ways to think about passwords

the very short password - easy to remember but easy to guess
the moderately long password - a bit harder to remember but harder to guess.

The very long password - not possible to remember but virtually unbreakable

If we're purely talking about length, repeat characters or patterns should be easy to remember but hard to crack. As far as I'm aware, a brute force password cracker has to hit the password exactly or the result is false, and it goes on to the next iteration. Perhaps I'm way off base, but that's how I understand it.

If your password is 'Ax#135', memorization is easy and a decent cracking algorithm on a fast machine will get it within a few seconds or so. If your password is 'AAAAAxxxxx#####111113333355555' (i.e. 30 characters in length) the cracking algorithm probably won't get around to it for some span of lifetimes, but it will be simple to remember. Not being a cryptographer, I don't know if there are mathematical ways around that dodge. It all comes down to how sensitive is the info you're protecting and how committed are the folks that want it.

You could mix it up the reps:
Axx###111133333555555

or repeat a simple pattern

Ax#135Ax#135Ax#135Ax#135

etc.

I'm a fan of using mnemonic memorizations, for example:

@aPr2m*8d   (At a Paris restaurant two movie stars ate dinner)

[doppler]

If I remember right.  A study was done about the length and complexity required to create a secure password.  The result was what's in the password is not as important as the length.  So a password of 30 characters all jumbled up is no harder to crack that 30 "z"'s.

If you think 8 characters should suffice.  I saw a YouTube video of a 8 GPU rig, that blew out hashes like nobodies business.  Using Rainbow tables and combination tables.  It could find a 6 character password in seconds.  And 8 character passwords in minutes.  Quantum computing will change more than history.  Combined with real AI.  We are done for.