Password generation

Help
kpquery
2014-06-27
2014-07-02
  • kpquery
    kpquery
    2014-06-27

    Some sites I visit require passwords which "must contain at least 1 uppercase char, at least 1 lowercase char, at least 1 digit and at least 1 spl char". How do I get the v2.26 password gen to create such a password say 15 chars long?
    Thank you.

     
    Last edit: kpquery 2014-06-27
  • wellread1
    wellread1
    2014-06-28

    Create a custom password generation profile using the built in character sets. Hence the profile 'UldsA{11}' (without quotes):

    • would produce the password with the required elements in the order you specified where the remaining characters are mixed case alphanumeric, e.g. Lw2#pmsOpRuhzay.
    • with 'randomly permute characters of password' selected, would randomly permute the characters e.g. nSdQ6zHZH~jrEtp.
     
    Last edit: wellread1 2014-06-28
    • kpquery
      kpquery
      2014-06-28

      Thank you for your reply.
      The spec does not require a particular order and it only gives a lower limit on the required char sets. While the pattern you suggest meets the criterion, it introduces two additional restrictions, one of order and the other of number, thus reducing the number of possible combinations available for password generation. Is there no way of representing the spec as is, by a more general pattern? The sites I've come across usually require users to create passwords of the form in the spec. Is there a reason why kp pattern rules preclude the possibility of creating passwords of this more general form?

       
  • wellread1
    wellread1
    2014-06-28

    ...the pattern...introduces...restrictions...of order

    See the second point above.

    ...the pattern....introduces...restrictions...of number...reducing the ... possible combinations...

    Correct, all restrictions have that effect. However, you asked how to ensure that the 4 criteria were met (i.e 'at least'), and I assumed that in addition you desired passwords that were somewhat readable. However if you need a very large amount of variability, and are satisfied with generated passwords that usually satisfy the requirements, then use a profile that employs a large character set without other restrictions (e.g. S{15} - base 96) that will generate passwords such as:

    URo)o][*yTUyQW2
    R[V<8o(8n]
    MI;kv
    ~ONbR[F{]\qk%L3
    %Z[c""E:sQLKobz
    7iM+QPHS.b,yGa
    y}6pM^Lr8X#W_o4

    Notes:

    The 4th generated password did not meet the criteria.

    You can achieve the same effect above using the 'Generate using character set' option instead of the 'Generate using pattern' option.

    The KeePass password generator and the built in character sets allow significant customization. You can also build your own character sets. You should be able to create a profile that balances variability against your other requirements.

    The Wikipedia article on password strength is a very helpful guide to selection of password generation criteria.

     
    Last edit: wellread1 2014-06-28
    • kpquery
      kpquery
      2014-06-28

      You're right regarding the order. I missed some details of your first post. I apologize and thank you for your help.

       
  • kpquery
    kpquery
    2014-06-28

     
    Last edit: kpquery 2014-06-28
  • Paul
    Paul
    2014-06-28

    The sites you mention are attempting to make users choose more secure passwords, but a good password generator already does that for you. What they require is a password that follows the rules, not necessarily a secure password, e.g. "Pa55word#".

    cheers, Paul

     
    Last edit: Paul 2014-06-28
  • YooSH
    YooSH
    2014-06-30

    After reading through the Password Generator page, I think this does exactly what you want.

    Put
    [ulds]{15}
    in the "Generate using pattern:" line.

    And I agree with you, Paul. Although a far more likely password is "Password1!". (But no cracker would ever think of that! :)

    EDIT: It looks like I didn't look at enough output. (And I forgot my regular expressions.) The pattern I list will sometimes omit one of the types, and on rare occasions, two of the types. Until we find an answer, you may want to use Preview and take the first entry which satisfies all the conditions.

    Still searching. :(

     
    Last edit: YooSH 2014-06-30
  • YooSH
    YooSH
    2014-07-02

    Okay. I think I have it now. In the password generator, select Generate using pattern, click Randomly permute characters of password, use this pattern

    S{11}slud

    That will satisfy the requirements without a discernible pattern and give you over 94^11 possible passwords [94^11 + (262632*10)]. It's basically what wellread1 first posted. I use the small u instead of the uppercase u (which I suspect was a typo?). I use S instead of A for a large key size (I agree that A{11} would be more readable).

    XbCv&bhhGhv@9|V
    =mM`Gy|4R@yy6!M
    N"MmA1Zq}jt7&e^
    e\iI/4{ES'L;?c*
    Wy"G3"}Gsr4aHbo
    ReZ0?zA8$t,"<3G
    uHxhG1Q&@m%D{_R

    In re reading the earlier posts, I think all the information was there. I just couldn't put it together. I don't know if I helped anyone. But researching this and reading your posts have helped me. I also visit sites with the same requirements. I'm happy that I now have something that will work every time. :>