Password generation - Windows complexity rules

steelej
2013-03-03
2013-03-04
  • steelej

    steelej - 2013-03-03

    I am looking into password policies for a project with a view to automatically generating passwords. As it is enforceable by Windows Policies I would like to simply specify that Windows Complexity Rules should be followed. I can also specify the same rules (that cannot be enforced by technical measures) for other uses of passwords e.g. BIOS. KeyPass would eliminate the vagaries of the human mind in creating random passwords within constraints. I have been unable to work out how I could do this using KeyPass password generation.

    Simply stated (and from memory) the password characters should contain at least one character out of at least three out of the four sets of Upper Case, Lower Case, Numbers and Punctuation marks. Spaces are allowed. Microsoft probably list the legal punctuation marks somewhere.

    To ease visibility I would want to eliminate spaces at the beginning and end, and I would probably want to limit the number of punctuation marks to say two for situations where they would have to be manually typed (e.g. a local admin password into a server via the keyboard).

    Is it feasible to do this, or even come close?

     
  • Paul

    Paul - 2013-03-03

    KeePass will follow most of those rules but you can't limit where a space may turn up, nor how many of any particular family of character. You could just leave spaces out. KeePass only generates fixed length passwords, which may not be ideal given your requirements.
    Essentially KeePass doesn't do what you require.

    cheers, Paul

     
  • steelej

    steelej - 2013-03-03

    Fixed length passwords would be OK,even desirable. I was wondering if the password generator template could be enhanced to do something like this.

     
  • develop1

    develop1 - 2013-03-04

    Not sure what your asking to occur.
    The following keepass password generation template seems to fit what your asking for.

    [l][d][u][s][ldus ][ldu][ldu ][ldu][ldu ][ldu][ldu ][ldu]

    with the above all passwords will be guaranteed to have all four catagories (lower/digit/upper/symbol)
    in fact, the first four characters of the password guarantee the above.
    everything in the template after this is simply to get up to two symbols per password
    as well as to allow for embedded spaces.

    A downside to a template such as this is certain positions will only have
    certain types of characters but even so the universe of characters is vast
    and the number of permutations is astoundingly huge as to make the overall password secure from brute force.

    [l][d][u][s][ldus ][ldu][ldu ][ldu][ldu ][ldu][ldu ][ldu]

    pos 01-> [l] (a lower)
    pos 02-> [d] (a digit)
    pos 03-> [u] (a upper)
    pos 04-> [s] (a symbol)
    pos 05-> [ldus ] (a lower or digit or upper or symbol or space)
    pos 06-> [ldu] (a lower or digit or upper)
    pos 07-> [ldu ] (a lower or digit or upper or space)
    pos 08-> [ldu] (a lower or digit or upper)
    pos 09-> [ldu ] (a lower or digit or upper or space)
    pos 10-> [ldu] (a lower or digit or upper)
    pos 11-> [ldu ] (a lower or digit or upper or space)
    pos 12-> [ldu] (a lower or digit or upper)

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks