• tommyh (8/19/2010)


    Very complex passwords indead. However some observations

    insert @tbl values(ascii('^'), 3)

    Im not sure i would classify that as being benign. Since that char combined with another can create a single char. Like ê which is ^ + e.

    Also have you done any statistics on how often "Too Complex or length is too short after 10 attempts" will happen? I have run the code a few times and i get that error a tad to often for it to be good. 31 errors in 1000 passwords. So about 1/32 is bad. Not that great odds (well maybe it was the odds of winning a million $ it would be ;-))

    Yes, it started out as an exercise in selecting random values within a range, and I applied to password generation. Random passwords have been done several different ways, I just haven't seen one that tries to match AD complexity rules in t-sql form. This is an attempt that works for me and my organization, and it's a handy template we use probably 30 to 50 times a week.

    As to the special characters, benign is in the eye of the beholder ... you can categorize your own degrees of dangerous or take special chars out altogether.

    The "too complex or too short" message isn't an error. I just didn't want to spin too many cycles trying to come up with a password if it could never meet the criteria. You can take that governor off, but if you let it spin with criteria that can never be true, you'll end up killing it anyway. For example, if you set the password length to 3 and require 4 categories, you'll never get a password that meets your criteria. So I said "try 10 times and let me know." Set the password length to 4 and you'll see what I mean. My personal version of the script has retries as a variable (more complexity ... so I actually left that out).