July 28, 2004


Argh. I decided today that users needed a simple way to create a secure password to meet their system administrator's needs. So I wrote one. I'll put it in a GUI form next, but right now the basics were tiring enough for me.

I tried to write it in C++ at first, but don't know enough of that language to get around in it. Java was much simpler, but still not easy to make sure the passwords were completely random. I named it "weakestlink" after the oft quoted phrase "A chain is only as strong as its weakest link," or something like that. The class file is here.

Invoke it using the java command, per your system. Its arguments are case sensitive: Uppercase enables a parameter and lowercase disables it. The hash argument is disabled by omission, enabled by inclusion. All parameters can be stuck together (except one), and/or preceded by a hyphen, per the user's style.

Included parameters are:

  • n, for numerals. Controls whether or not a password has numerals in it. Default: On
  • l, for letters. Controls whether or not a password has letters in it. Default: On
  • c, for case-sensitivity. Controls whether or not a password is case-sensitive. Requires that letters be enabled. Default: On
  • p, for punctuation. Controls whether or not a password has punctuation characters in it. Default: On
  • s, for spaces. Controls whether or not a password has spaces in it. Default: Off
  • r, for repitition. Controls whether or not a password can have repeated characters. If off, number of possible characters must be greater than password length. Default: On
  • #, for combination or permutation calculation. Controls display of password security. Default: Off
  • a numeral, for password length. Controls password length. Must be separate from other arguments. Default: 8

The program works rather admirably. If anyone wants to comment on the source code, feel free... I am a newbie. I used the SecureRandom class over the Random and Math.random() options, because (as I understand) it is cryptographically strong, whereas the others are not. I have also noticed that the hash symbol must be preceded by another character (a hyphen or other argument) or enclosed in quotes for the shell to pass it to the program correctly. An error should also be thrown when the length of the password exceeds the number of available characters.

I hope to eventually add support for rhyming passwords and dictionary checking. Any help on efficiency and whatnot would be nifty. I should probably be going to bed now though.


Post a Comment

<< Home