SQLServerCentral / Discuss Content Posted by Peter Larsson / Article Discussions / Article Discussions by Author / Full Control Over a Randomly Generated Password / Latest Posts

RE: Full Control Over a Randomly Generated Password

SwePeso — Thu, 26 Apr 2007 23:48:00 GMT

It doesn't matter.

When you want non-duplicated characters from a group, the while loop exits when there are no more characters to choose from.

Even if you set 50 non-duplicated characters, the while loop exits after 26.

RE: Full Control Over a Randomly Generated Password

Michael Valentine Jones — Thu, 26 Apr 2007 08:20:00 GMT

This link below has my own procedure for generating a somewhat mnemonic password, as well as several others for generating random or semi-random passwords:http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=78859

It is an interesting problem, because of the conflicting requirements of security where long, random passwords are better, and the ability of a human to read, remember, and type the password. A password like B4zI1=5UhW4K6KM'3 is probably almost impossible to crack, but how many people can remember it and type it correctly?

My mnemonic password procedure is an attempt at a compromise solution to generate passwords that are both secure and something that a human can remember and use. It could be done better, but it was the best solution I could think of at the time to meet my requirements.

RE: Full Control Over a Randomly Generated Password

David-389924 — Wed, 25 Apr 2007 06:48:00 GMT

Nice job, I’ll use it for sure.

I was using, since always, Left 4 of a new guid + Left 4 of a new guid (uppercase)

Kind of…

Thanks

RE: Full Control Over a Randomly Generated Password

David le Quesne — Wed, 25 Apr 2007 06:20:00 GMT

This is a great idea, I am going to use it in my application. I have re-written it as a function though (for consistency with standards of my system) by creating a view for the NEWID() function:

CREATE VIEW v_NewID AS SELECT NEWID() AS 'New_ID'

and modifying the code to use the view rather than NEWID()

eg:

-- Get the Number ItemsSET @i = ABS(@NumberItems) WHILE @i > 0 AND LEN(@Numbers) > 0 SELECT @v = ABS(CAST(CAST(New_ID AS BINARY(16)) AS BIGINT)) % LEN(@Numbers) + 1 , @c = SUBSTRING(@Numbers, @v, 1) , @Numbers = CASE WHEN @NumberItems < 0 THEN STUFF(@Numbers, @v, 1, '') ELSE @Numbers END , @Temp = @Temp + @c , @i = @i - 1 FROM v_NewID

David

RE: Full Control Over a Randomly Generated Password

Stephen Hirsch — Wed, 25 Apr 2007 05:55:00 GMT

A thought for generating passwords non-randomly: use your birthday in the Jewish (or Muslim or Persian or whatever) calendar. Therefore, if you forget it for whatever reason, you can regenerate it from a web site.

RE: Full Control Over a Randomly Generated Password

Liaqat Saeed-417319 — Wed, 25 Apr 2007 04:45:00 GMT

Well, its a nice solution and working prefect.

RE: Full Control Over a Randomly Generated Password

ALZDBA — Wed, 25 Apr 2007 02:48:00 GMT

Nice solution.

I've been using spc_random_password of Written by Narayana Vyas Kondreddi http://vyaskn.tripod.com (Stored procedure to generate a simple or complex random password from almost when it was published (2001).

RE: Full Control Over a Randomly Generated Password

adrshen — Wed, 25 Apr 2007 01:00:00 GMT

Hi,

I always think that when ever i find some time spare than i will write this one.But u did and did in a nice way

RE: Full Control Over a Randomly Generated Password

Charles Kincaid — Tue, 24 Apr 2007 22:54:00 GMT

Very good!

One problem though. Your code to limit the password length does not work if I pass negative numbers. When the specs are negative then they can't be more negative ten the number of items in the list. You can't call for more than 26 non-duplicated upper case letters as there are only 26 of them.

Full Control Over a Randomly Generated Password

SwePeso — Tue, 20 Feb 2007 17:41:00 GMT

Comments posted here are about the content posted at http://www.sqlservercentral.com/columnists/plarsson/2878.asp