These code samples demonstrate how to generate a strong random password, which does not contain ambiguous characters (such as [1,l,I] or [O,0]). A strong password must be at least eight characters long and contain a combination of lower- and upper-case letters, numbers, and special characters.
/////////////////////////////////////////////////////////////////////////////// // SAMPLE: Generates random password, which complies with the strong password // rules and does not contain ambiguous characters. // // To run this sample, create a new Visual C# project using the Console // Application template and replace the contents of the Class1.cs file with // the code below. // // THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, // EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. // // Copyright (C) 2015 PureSourceCode. All rights reserved. // using System; using System.Security.Cryptography; /// <summary> /// This class can generate random passwords, which do not include ambiguous /// characters, such as I, l, and 1. The generated password will be made of /// 7-bit ASCII symbols. Every four characters will include one lower case /// character, one upper case character, one number, and one special symbol /// (such as '%') in a random order. The password will always start with an /// alpha-numeric character; it will not start with a special symbol (we do /// this because some back-end systems do not like certain special /// characters in the first position). /// </summary> public class RandomPassword { // Define default min and max password lengths. private static int DEFAULT_MIN_PASSWORD_LENGTH = 8; private static int DEFAULT_MAX_PASSWORD_LENGTH = 10; // Define supported password characters divided into groups. // You can add (or remove) characters to (from) these groups. private static string PASSWORD_CHARS_LCASE = "abcdefgijkmnopqrstwxyz"; private static string PASSWORD_CHARS_UCASE = "ABCDEFGHJKLMNPQRSTWXYZ"; private static string PASSWORD_CHARS_NUMERIC= "23456789"; private static string PASSWORD_CHARS_SPECIAL= "*$-+?_&=!%{}/"; /// <summary> /// Generates a random password. /// </summary> /// <returns> /// Randomly generated password. /// </returns> /// <remarks> /// The length of the generated password will be determined at /// random. It will be no shorter than the minimum default and /// no longer than maximum default. /// </remarks> public static string Generate() { return Generate(DEFAULT_MIN_PASSWORD_LENGTH, DEFAULT_MAX_PASSWORD_LENGTH); } /// <summary> /// Generates a random password of the exact length. /// </summary> /// <param name="length"> /// Exact password length. /// </param> /// <returns> /// Randomly generated password. /// </returns> public static string Generate(int length) { return Generate(length, length); } /// <summary> /// Generates a random password. /// </summary> /// <param name="minLength"> /// Minimum password length. /// </param> /// <param name="maxLength"> /// Maximum password length. /// </param> /// <returns> /// Randomly generated password. /// </returns> /// <remarks> /// The length of the generated password will be determined at /// random and it will fall with the range determined by the /// function parameters. /// </remarks> public static string Generate(int minLength, int maxLength) { // Make sure that input parameters are valid. if (minLength <= 0 || maxLength <= 0 || minLength > maxLength) return null; // Create a local array containing supported password characters // grouped by types. You can remove character groups from this // array, but doing so will weaken the password strength. char[][] charGroups = new char[][] { PASSWORD_CHARS_LCASE.ToCharArray(), PASSWORD_CHARS_UCASE.ToCharArray(), PASSWORD_CHARS_NUMERIC.ToCharArray(), PASSWORD_CHARS_SPECIAL.ToCharArray() }; // Use this array to track the number of unused characters in each // character group. int[] charsLeftInGroup = new int[charGroups.Length]; // Initially, all characters in each group are not used. for (int i=0; i<charsLeftInGroup.Length; i++) charsLeftInGroup[i] = charGroups[i].Length; // Use this array to track (iterate through) unused character groups. int[] leftGroupsOrder = new int[charGroups.Length]; // Initially, all character groups are not used. for (int i=0; i<leftGroupsOrder.Length; i++) leftGroupsOrder[i] = i; // Because we cannot use the default randomizer, which is based on the // current time (it will produce the same "random" number within a // second), we will use a random number generator to seed the // randomizer. // Use a 4-byte array to fill it with random bytes and convert it then // to an integer value. byte[] randomBytes = new byte[4]; // Generate 4 random bytes. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(randomBytes); // Convert 4 bytes into a 32-bit integer value. int seed = BitConverter.ToInt32(randomBytes, 0); // Now, this is real randomization. Random random = new Random(seed); // This array will hold password characters. char[] password = null; // Allocate appropriate memory for the password. if (minLength < maxLength) password = new char[random.Next(minLength, maxLength+1)]; else password = new char[minLength]; // Index of the next character to be added to password. int nextCharIdx; // Index of the next character group to be processed. int nextGroupIdx; // Index which will be used to track not processed character groups. int nextLeftGroupsOrderIdx; // Index of the last non-processed character in a group. int lastCharIdx; // Index of the last non-processed group. int lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1; // Generate password characters one at a time. for (int i=0; i<password.Length; i++) { // If only one character group remained unprocessed, process it; // otherwise, pick a random character group from the unprocessed // group list. To allow a special character to appear in the // first position, increment the second parameter of the Next // function call by one, i.e. lastLeftGroupsOrderIdx + 1. if (lastLeftGroupsOrderIdx == 0) nextLeftGroupsOrderIdx = 0; else nextLeftGroupsOrderIdx = random.Next(0, lastLeftGroupsOrderIdx); // Get the actual index of the character group, from which we will // pick the next character. nextGroupIdx = leftGroupsOrder[nextLeftGroupsOrderIdx]; // Get the index of the last unprocessed characters in this group. lastCharIdx = charsLeftInGroup[nextGroupIdx] - 1; // If only one unprocessed character is left, pick it; otherwise, // get a random character from the unused character list. if (lastCharIdx == 0) nextCharIdx = 0; else nextCharIdx = random.Next(0, lastCharIdx+1); // Add this character to the password. password[i] = charGroups[nextGroupIdx][nextCharIdx]; // If we processed the last character in this group, start over. if (lastCharIdx == 0) charsLeftInGroup[nextGroupIdx] = charGroups[nextGroupIdx].Length; // There are more unprocessed characters left. else { // Swap processed character with the last unprocessed character // so that we don't pick it until we process all characters in // this group. if (lastCharIdx != nextCharIdx) { char temp = charGroups[nextGroupIdx][lastCharIdx]; charGroups[nextGroupIdx][lastCharIdx] = charGroups[nextGroupIdx][nextCharIdx]; charGroups[nextGroupIdx][nextCharIdx] = temp; } // Decrement the number of unprocessed characters in // this group. charsLeftInGroup[nextGroupIdx]--; } // If we processed the last group, start all over. if (lastLeftGroupsOrderIdx == 0) lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1; // There are more unprocessed groups left. else { // Swap processed group with the last unprocessed group // so that we don't pick it until we process all groups. if (lastLeftGroupsOrderIdx != nextLeftGroupsOrderIdx) { int temp = leftGroupsOrder[lastLeftGroupsOrderIdx]; leftGroupsOrder[lastLeftGroupsOrderIdx] = leftGroupsOrder[nextLeftGroupsOrderIdx]; leftGroupsOrder[nextLeftGroupsOrderIdx] = temp; } // Decrement the number of unprocessed groups. lastLeftGroupsOrderIdx--; } } // Convert password characters into a string and return the result. return new string(password); } } /// <summary> /// Illustrates the use of the RandomPassword class. /// </summary> public class RandomPasswordTest { /// <summary> /// The main entry point for the application. /// </summary> [STAThread] static void Main(string[] args) { // Print 100 randomly generated passwords (8-to-10 char long). for (int i=0; i<100; i++) Console.WriteLine(RandomPassword.Generate(8, 10)); } }
VB.NET code sample
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' SAMPLE: Generates random password, which complies with the strong password ' rules and does not contain ambiguous characters. ' ' To run this sample, create a new Visual Basic.NET project using the Console ' Application template and replace the contents of the Module1.vb file with ' the code below. ' ' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, ' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED ' WARRANTIES OF MERCHANTABILITY AND'OR FITNESS FOR A PARTICULAR PURPOSE. ' ' Copyright (C) 2015 PureSourceCode. All rights reserved. ' Imports System Imports System.Security.Cryptography Module Module1 ' <summary> ' This class can generate random passwords, which do not include ambiguous ' characters, such as I, l, and 1. The generated password will be made of ' 7-bit ASCII symbols. Every four characters will include one lower case ' character, one upper case character, one number, and one special symbol ' (such as '%') in a random order. The password will always start with an ' alpha-numeric character; it will not start with a special symbol (we do ' this because some back-end systems do not like certain special ' characters in the first position). ' </summary> Public Class RandomPassword ' Define default min and max password lengths. Private Shared DEFAULT_MIN_PASSWORD_LENGTH As Integer = 8 Private Shared DEFAULT_MAX_PASSWORD_LENGTH As Integer = 10 ' Define supported password characters divided into groups. ' You can add (or remove) characters to (from) these groups. Private Shared PASSWORD_CHARS_LCASE As String = "abcdefgijkmnopqrstwxyz" Private Shared PASSWORD_CHARS_UCASE As String = "ABCDEFGHJKLMNPQRSTWXYZ" Private Shared PASSWORD_CHARS_NUMERIC As String= "23456789" Private Shared PASSWORD_CHARS_SPECIAL As String= "*$-+?_&=!%{}/" ' <summary> ' Generates a random password. ' </summary> ' <returns> ' Randomly generated password. ' </returns> ' <remarks> ' The length of the generated password will be determined at ' random. It will be no shorter than the minimum default and ' no longer than maximum default. ' </remarks> Public Shared Function Generate() As String Generate = Generate(DEFAULT_MIN_PASSWORD_LENGTH, _ DEFAULT_MAX_PASSWORD_LENGTH) End Function ' <summary> ' Generates a random password of the exact length. ' </summary> ' <param name="length"> ' Exact password length. ' </param> ' <returns> ' Randomly generated password. ' </returns> Public Shared Function Generate(length As Integer) As String Generate = Generate(length, length) End Function ' <summary> ' Generates a random password. ' </summary> ' <param name="minLength"> ' Minimum password length. ' </param> ' <param name="maxLength"> ' Maximum password length. ' </param> ' <returns> ' Randomly generated password. ' </returns> ' <remarks> ' The length of the generated password will be determined at ' random and it will fall with the range determined by the ' function parameters. ' </remarks> Public Shared Function Generate(minLength As Integer, _ maxLength As Integer) _ As String ' Make sure that input parameters are valid. If (minLength <= 0 Or maxLength <= 0 Or minLength > maxLength) Then Generate = Nothing End If ' Create a local array containing supported password characters ' grouped by types. You can remove character groups from this ' array, but doing so will weaken the password strength. Dim charGroups As Char()() = New Char()() _ { _ PASSWORD_CHARS_LCASE.ToCharArray(), _ PASSWORD_CHARS_UCASE.ToCharArray(), _ PASSWORD_CHARS_NUMERIC.ToCharArray(), _ PASSWORD_CHARS_SPECIAL.ToCharArray() _ } ' Use this array to track the number of unused characters in each ' character group. Dim charsLeftInGroup As Integer() = New Integer(charGroups.Length-1){} ' Initially, all characters in each group are not used. Dim I As Integer For I=0 To charsLeftInGroup.Length-1 charsLeftInGroup(I) = charGroups(I).Length Next ' Use this array to track (iterate through) unused character groups. Dim leftGroupsOrder As Integer() = New Integer(charGroups.Length-1){} ' Initially, all character groups are not used. For I=0 To leftGroupsOrder.Length-1 leftGroupsOrder(I) = I Next ' Because we cannot use the default randomizer, which is based on the ' current time (it will produce the same "random" number within a ' second), we will use a random number generator to seed the ' randomizer. ' Use a 4-byte array to fill it with random bytes and convert it then ' to an integer value. Dim randomBytes As Byte() = New Byte(3){} ' Generate 4 random bytes. Dim rng As RNGCryptoServiceProvider = New RNGCryptoServiceProvider() rng.GetBytes(randomBytes) ' Convert 4 bytes into a 32-bit integer value. Dim seed As Integer = BitConverter.ToInt32(randomBytes, 0) ' Now, this is real randomization. Dim random As Random = New Random(seed) ' This array will hold password characters. Dim password As Char() = Nothing ' Allocate appropriate memory for the password. If (minLength < maxLength) Then password = New Char(random.Next(minLength-1, maxLength)){} Else password = New Char(minLength-1){} End If ' Index of the next character to be added to password. Dim nextCharIdx As Integer ' Index of the next character group to be processed. Dim nextGroupIdx As Integer ' Index which will be used to track not processed character groups. Dim nextLeftGroupsOrderIdx As Integer ' Index of the last non-processed character in a group. Dim lastCharIdx As Integer ' Index of the last non-processed group. Dim lastLeftGroupsOrderIdx As Integer = leftGroupsOrder.Length-1 ' Generate password characters one at a time. For I=0 To password.Length-1 ' If only one character group remained unprocessed, process it; ' otherwise, pick a random character group from the unprocessed ' group list. To allow a special character to appear in the ' first position, increment the second parameter of the Next ' function call by one, i.e. lastLeftGroupsOrderIdx + 1. If (lastLeftGroupsOrderIdx = 0) Then nextLeftGroupsOrderIdx = 0 Else nextLeftGroupsOrderIdx = random.Next(0, lastLeftGroupsOrderIdx) End If ' Get the actual index of the character group, from which we will ' pick the next character. nextGroupIdx = leftGroupsOrder(nextLeftGroupsOrderIdx) ' Get the index of the last unprocessed characters in this group. lastCharIdx = charsLeftInGroup(nextGroupIdx)-1 ' If only one unprocessed character is left, pick it; otherwise, ' get a random character from the unused character list. If (lastCharIdx = 0) Then nextCharIdx = 0 Else nextCharIdx = random.Next(0, lastCharIdx+1) End If ' Add this character to the password. password(I) = charGroups(nextGroupIdx)(nextCharIdx) ' If we processed the last character in this group, start over. If (lastCharIdx = 0) Then charsLeftInGroup(nextGroupIdx) = _ charGroups(nextGroupIdx).Length ' There are more unprocessed characters left. Else ' Swap processed character with the last unprocessed character ' so that we don't pick it until we process all characters in ' this group. If (lastCharIdx <> nextCharIdx) Then Dim temp As Char = charGroups(nextGroupIdx)(lastCharIdx) charGroups(nextGroupIdx)(lastCharIdx) = _ charGroups(nextGroupIdx)(nextCharIdx) charGroups(nextGroupIdx)(nextCharIdx) = temp End If ' Decrement the number of unprocessed characters in ' this group. charsLeftInGroup(nextGroupIdx) = _ charsLeftInGroup(nextGroupIdx)-1 End If ' If we processed the last group, start all over. If (lastLeftGroupsOrderIdx = 0) Then lastLeftGroupsOrderIdx = leftGroupsOrder.Length-1 ' There are more unprocessed groups left. Else ' Swap processed group with the last unprocessed group ' so that we don't pick it until we process all groups. If (lastLeftGroupsOrderIdx <> nextLeftGroupsOrderIdx) Then Dim temp As Integer = _ leftGroupsOrder(lastLeftGroupsOrderIdx) leftGroupsOrder(lastLeftGroupsOrderIdx) = _ leftGroupsOrder(nextLeftGroupsOrderIdx) leftGroupsOrder(nextLeftGroupsOrderIdx) = temp End If ' Decrement the number of unprocessed groups. lastLeftGroupsOrderIdx = lastLeftGroupsOrderIdx - 1 End If Next ' Convert password characters into a string and return the result. Generate = New String(password) End Function End Class ' <summary> ' The main entry point for the application. ' </summary> Sub Main() Dim I As Integer For I=1 To 100 Console.WriteLine(RandomPassword.Generate(8, 10)) Next End Sub End Module
Program output
B$g3-6YpjA Nk5{!Yb37 P}o8wX7$! Dc5+t=Q8}P gG_2?a4H yW}5K3w*9 Qr9%5-jHg 8Bg%s*A63q 3Nd?E{5jxY 2Kf!s}E9 3z$XN9q*+ ... T!b68C*wt