Password Question (With Complexity)

Crouchie1998

Hi all,

I need a function that cannot be random & always calculates the same
password with the same input

I have a 7 digit number which I need to change into 12 characters for
password complexity. Here's what I mean:

2 Textboxes (1 * max length 7 numbers & 1 * generated password)

If the input is: 8884321 I'd like the second textbox to show something like:
?M1n5412765?

If at a later date another user enters 8884321 for example I'd like it to
generate the same password & not a random one.

Only want to use '?' and no other special characters

Any help will be appreciated and Happy Christmas to you all
 
Family Tree Mike

Hi all,

I need a function that cannot be random & always calculates the same
password with the same input

I have a 7 digit number which I need to change into 12 characters for
password complexity. Here's what I mean:

2 Textboxes (1 * max length 7 numbers & 1 * generated password)

If the input is: 8884321 I'd like the second textbox to show something like:
?M1n5412765?

If at a later date another user enters 8884321 for example I'd like it to
generate the same password & not a random one.

Only want to use '?' and no other special characters

Any help will be appreciated and Happy Christmas to you all

There are an infinite number of ways to do this.

Do you need to be able to reverse the process? In other words, given
?M1n5412765? do you need to get 8884321?

Here is a very simplistic solution, which repeats a series of four
characters three times:

1. create an array of acceptable output characters
2. generate the four bytes for the integer
3. use the four bytes as indexes into the array of output characters by
mod'ing the value by the size of the array
4. repeat step 3 two more times to get a total of twelve characters

It probably needs to be more complex than that. To make it more
complex, change the second and third series by adding some value to the
original input value.
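The four steps above, written out as an added example (not code from the thread). The big-endian byte order, the 63-character alphabet and the `offset` parameter for the suggested variation are assumptions. Running it also shows what the modulo step costs: the top byte of any 7-digit number is zero, and bytes 63 apart map to the same character, so different inputs can collide.

```python
import struct

# Assumed alphabet: letters, digits and '?', the only special character the question allows.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789?"


def four_chars(value: int) -> str:
    """Steps 2-3: take the integer's four bytes and reduce each mod len(ALPHABET)."""
    raw = struct.pack(">I", value & 0xFFFFFFFF)  # big-endian is an assumption
    return "".join(ALPHABET[b % len(ALPHABET)] for b in raw)


def derive(number: str, offset: int = 0) -> str:
    """Step 4: three groups of four characters.

    With offset 0 the same group repeats three times; a non-zero offset
    (hypothetical parameter) is added before the second and third groups.
    """
    if not (len(number) == 7 and number.isascii() and number.isdigit()):
        raise ValueError("expected exactly 7 digits")
    n = int(number)
    return "".join(four_chars(n + i * offset) for i in range(3))


if __name__ == "__main__":
    print(derive("8884321"))         # plain repetition
    print(derive("8884321", 12345))  # varied second and third groups
    # 8884321 and 8884384 differ by 63 in the low byte and collide.
    print(derive("8884384") == derive("8884321"))
```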
 
Cor Ligthert[MVP]

Crouchie,

To create a password for somebody (beside a temporary one, which can be an
easy one) is not really something anymore from the 3rd millennium.

A password is to protect personal data security, not something that is
arranged (in my culture zone) by somebody else.

The only thing which is preferred to validate, is if it is a strong
password. At least 8 characters, from which at least one uppercase, one
lowercase and one special character or number character.

Cor
 
Martin H.

Hello Crouchie,

there is one problem with your attempt which is that if you always
generate the same password if someone uses the same input, then the
password is actually just the 7 digit number. Should I get hold of your
program or your algorithm I could try out these 7 digits easily within
30 minutes - so your password is absolutely not safe - it just appears
to be. If you want to create complex passwords then they should be
random. However, the problem is that passwords like X3494823??x01!,- are
difficult to remember and that users will easily find a way around it.

For example, in some companies from time to time Windows will request
that you change your password. After changing your password 3 times, you
can go back to your original password (passw_1, passw_2, passw_3,
passw_4, passw_1 ...). If a user does this every time he needs to change
his password, he can always use the same password. So, does this password
change request increase security?

If your password generator generates log-in data the users will change
the password as soon as they can. If they can't do that, they won't like
it and leave. If your plan is to write a password generator just for fun
- ok, but there are already thousands out there.

The best way for generating passwords that users can remember is to
generate some with a meaning - but not simple words, but from a sentence.

ImMgE2ndS.

Which could translate into:
I meet My grandfather Every 2nd Sunday.

But that would mean that first you need to display the sentence for the
user to remember the meaning and second you need an infinite list of
sentences, because otherwise they could still be found out if someone
gets your sentence list.

Best regards,

Martin

On 26.12.2009 14:04, Cor Ligthert[MVP] wrote:
 
James Hahn

I don't know what sort of compartmentalised culture you move in, but the
need to generate passwords for validated users to get access to additional
resources is a common requirement in any business system of reasonable
complexity.
 
James Hahn

The password is currently seven digits - that can't be changed. But the
problem is that the required password must be 12 characters, so it is
necessary to be able to create the required password from the current
7-digit password. Obviously the preferable approach would be to upgrade
both systems to the same 12-digit password, but if that's not possible then
OP has no choice but to generate a _consistent_ 12-digit password from the
existing 7-digit one. Sure, the system will only be as secure as its
weakest password, but that's always an issue when dealing with disparate
components that work to different standards.

Since the password is being generated for the user (who will probably never
see it) the rememberability is irrelevant.
 
Cor Ligthert[MVP]

James,

You mean that all major bank systems (and for instance Microsoft and Google)
are wrong.

James you can become rich.

Write them a letter with your new insight.

Cor
 
Crouchie1998

Hello All

Thank you for your replies

The password has to stay constant as it will have to be generated by an
individual number. There are 3000 of these around the country. All it's for
is a SA password for SQL. Therefore, I cannot generate random passwords each
time.

The application I am creating will be used by installation engineers &
helpdesk staff & everything is internal so no chance of a hacker to get in
and abuse the system

The current password structure is a fixed length. Have coded something so
far which creates 24 characters where I just use the first 12 of them. However
the users of this tool aren't going to be amused if they have to keep typing
things like:
?1n0DSBa4nT! when they can type: ?1n0D129709!

Any more ideas?
 
Gregory A. Beamer

I need a function that cannot be random & always calculates the same
password with the same input

I have a 7 digit number which I need to change into 12 characters for
password complexity. Here's what I mean:

2 Textboxes (1 * max length 7 numbers & 1 * generated password)

If the input is: 8884321 I'd like the second textbox to show something
like: ?M1n5412765?

When the user logs in later, is he going to use M1n5412765 as his
password, or does he always enter 8884321?

In other words, are you trying to force him to a 12 digit, but want a
predictable method of getting to 12? or, are you trying to make sure
someone getting at the "password" in the data store cannot reverse
engineer it to 8884321?

Either way, if you want predictability, you are looking for a hashing
mechanism. There are a couple of standard hashes in .NET, although I
believe they both end up with more than 12 figures and use a full
Unicode implementation.

You can create a custom hash, of course, and will have to to create a
hash that is only 12 characters, unless you just want to clip 12
characters from a SHA or MD5 hash. This is predictable, but does not
include the ? character.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
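One way to do the hash-based derivation discussed above, as an added example that is not code from the thread. It uses a keyed hash (HMAC-SHA256) rather than a bare SHA or MD5 clip, since a reply above notes that anyone holding the algorithm can simply try every 7-digit input. The secret `site_key`, the `?`-wrapped layout taken from the question's sample, and the function name are assumptions.

```python
import hashlib
import hmac

ALNUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def derive_password(number: str, site_key: bytes) -> str:
    """Deterministically map a 7-digit number to '?' + 10 alphanumerics + '?'.

    site_key (assumed) is a secret held only by the tool's backend. Without
    it the output cannot be recomputed from the number; if it leaks, the
    scheme is again only as strong as the 7-digit input.
    """
    if not (len(number) == 7 and number.isascii() and number.isdigit()):
        raise ValueError("expected exactly 7 digits")
    if len(site_key) < 16:
        raise ValueError("site_key must be at least 16 bytes")
    counter = 0
    while True:
        # Each counter value gives a fresh but still deterministic 32-byte block.
        msg = f"{number}:{counter}".encode()
        block = hmac.new(site_key, msg, hashlib.sha256).digest()
        counter += 1
        # Rejection sampling: bytes >= 248 would bias a plain "mod 62".
        body = "".join(ALNUM[b % 62] for b in block if b < 248)[:10]
        # Retry until the complexity rule holds: upper, lower and digit.
        if (len(body) == 10
                and any(c.isupper() for c in body)
                and any(c.islower() for c in body)
                and any(c.isdigit() for c in body)):
            return "?" + body + "?"


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-secret"  # constructed sample value
    print(derive_password("8884321", demo_key))
```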
 
