Password generation

  • kpquery

    kpquery - 2014-06-27

    Some sites I visit require passwords which "must contain at least 1 uppercase char, at least 1 lowercase char, at least 1 digit and at least 1 spl char". How do I get the v2.26 password gen to create such a password say 15 chars long?
    Thank you.

    Last edit: kpquery 2014-06-27
  • wellread1

    wellread1 - 2014-06-28

    Create a custom password generation profile using the built in character sets. Hence the profile 'UldsA{11}' (without quotes):

    • would produce the password with the required elements in the order you specified where the remaining characters are mixed case alphanumeric, e.g. Lw2#pmsOpRuhzay.
    • with 'randomly permute characters of password' selected, would randomly permute the characters e.g. nSdQ6zHZH~jrEtp.
    Last edit: wellread1 2014-06-28
    • kpquery

      kpquery - 2014-06-28

      Thank you for your reply.
      The spec does not require a particular order and it only gives a lower limit on the required char sets. While the pattern you suggest meets the criterion, it introduces two additional restrictions, one of order and the other of number, thus reducing the number of possible combinations available for password generation. Is there no way of representing the spec as is, by a more general pattern? The sites I've come across usually require users to create passwords of the form in the spec. Is there a reason why kp pattern rules preclude the possibility of creating passwords of this more general form?

  • wellread1

    wellread1 - 2014-06-28

    ...the pattern...introduces...restrictions...of order

    See the second point above.

    ...the pattern....introduces...restrictions...of number...reducing the ... possible combinations...

    Correct, all restrictions have that effect. However, you asked how to ensure that the 4 criteria were met (i.e 'at least'), and I assumed that in addition you desired passwords that were somewhat readable. However if you need a very large amount of variability, and are satisfied with generated passwords that usually satisfy the requirements, then use a profile that employs a large character set without other restrictions (e.g. S{15} - base 96) that will generate passwords such as:



    The 4th generated password did not meet the criteria.

    You can achieve the same effect above using the 'Generate using character set' option instead of the 'Generate using pattern' option.

    The KeePass password generator and the built in character sets allow significant customization. You can also build your own character sets. You should be able to create a profile that balances variability against your other requirements.

    The Wikipedia article on password strength is a very helpful guide to selection of password generation criteria.

    Last edit: wellread1 2014-06-28
    • kpquery

      kpquery - 2014-06-28

      You're right regarding the order. I missed some details of your first post. I apologize and thank you for your help.

  • kpquery

    kpquery - 2014-06-28
    Last edit: kpquery 2014-06-28
  • Paul

    Paul - 2014-06-28

    The sites you mention are attempting to make users choose more secure passwords, but a good password generator already does that for you. What they require is a password that follows the rules, not necessarily a secure password, e.g. "Pa55word#".

    cheers, Paul

    Last edit: Paul 2014-06-28
  • YooSH

    YooSH - 2014-06-30

    After reading through the Password Generator page, I think this does exactly what you want.

    in the "Generate using pattern:" line.

    And I agree with you, Paul. Although a far more likely password is "Password1!". (But no cracker would ever think of that! :)

    EDIT: It looks like I didn't look at enough output. (And I forgot my regular expressions.) The pattern I list will sometimes omit one of the types, and on rare occasions, two of the types. Until we find an answer, you may want to use Preview and take the first entry which satisfies all the conditions.

    Still searching. :(

    Last edit: YooSH 2014-06-30
  • YooSH

    YooSH - 2014-07-02

    Okay. I think I have it now. In the password generator, select Generate using pattern, click Randomly permute characters of password, use this pattern


    That will satisfy the requirements without a discernible pattern and give you over 94^11 possible passwords [94^11 + (262632*10)]. It's basically what wellread1 first posted. I use the small u instead of the uppercase u (which I suspect was a typo?). I use S instead of A for a large key size (I agree that A{11} would be more readable).


    In re reading the earlier posts, I think all the information was there. I just couldn't put it together. I don't know if I helped anyone. But researching this and reading your posts have helped me. I also visit sites with the same requirements. I'm happy that I now have something that will work every time. :>


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks