You make a good point. How about this?

$randombytes = new-object byte[] 15
(new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randombytes)
$pass = [System.Convert]::ToBase64String($randombytes)
$a = ([char[]](get-random -input (33..47 + 48..57) -count 4)) -join ""
$password = $a + $pass

- Sean

On Wed, Feb 3, 2016 at 6:36 PM, Michael B. Smith <[email protected]> wrote:

> The maximum entropy you get from Base64 is 2.58 bits per character, kinda by definition ( ln2( 6 ) ). Given that your maximum length is 15 digits, that limits you to ~38 bits of entropy. At a thousand guesses a second, that’s about 8 years to brute force. Not bad.
>
> However, you’ve GIVEN UP over 10 bits of entropy because of four constant characters, taking you to about 28 bits of entropy. Believe it or not, having constants makes a password far far easier to crack. (This is why the revelation of a non-random non-prime in netcat/socat is such a big deal – it makes Diffie-Hellman much much simpler to crack.)
>
> That’s about 3 days to brute force.
>
> That is completely believable for someone to spend the time/energy to crack. (And remember, the 3 days assumes that your password is the last one checked, out of the entire “password universe” – on average, assume half that.)
>
> So, the lesson here is that 15 bytes of base64 is fine (if impossible to remember). But don’t use constants. Evah.
>
> *From:* [email protected] [mailto: [email protected]] *On Behalf Of* Sean Martin
> *Sent:* Wednesday, February 3, 2016 3:24 PM
> *To:* [email protected]
> *Subject:* [powershell] Random Password Generator
>
> I don't get the opportunity to contribute all that often so I thought I would throw this out there in case it helps anyone.
>
> I got the method from this article:
> https://www.scriptjunkie.us/2013/09/secure-random-password-generation/
>
> I modify the resulting password by prepending/appending a couple of special and numerical characters to ensure it meets complexity requirements in my current environment.
>
> Easy way to generate a secure password whenever the need arises. Critiques are always welcome.
>
> ===================================================================
>
> # Generate Random Password
>
> $randombytes = new-object byte[] 15
> (new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randombytes)
> $pass = [System.Convert]::ToBase64String($randombytes)
> $password = "&#" + $pass + "82"
>
> Write-Host ""
> Write-Host "Your password is: " -ForeGroundColor Cyan -NoNewLine
> Write-Host "$Password" -ForeGroundColor Yellow
> Write-Host ""
> Write-Host ""
> Write-Host "Press enter to exit script..." -ForeGroundColor Cyan
>
> $Pause = Read-Host
>
> Exit
>
> ==================================================================
>
> - Sean
>
> ================================================
> Did you know you can also post and find answers on PowerShell in the forums?
> http://www.myitforum.com/forums/default.asp?catApp=1
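
One way to satisfy a complexity policy without any fixed characters, the concern raised in the quoted reply, as an added example that is not code from anyone in this thread. The function names, the character classes and the default length are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Get-RandomIndex and New-RandomPassword are hypothetical names.
function Get-RandomIndex {
    param([System.Security.Cryptography.RandomNumberGenerator]$Rng, [int]$Max)
    # Rejection sampling: discard bytes that would bias the modulo result (requires Max <= 256).
    $limit = 256 - (256 % $Max)
    $buf = New-Object byte[] 1
    do { $Rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

function New-RandomPassword {
    param([int]$Length = 20)
    $classes = @(
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!#$%&()*+,-./'          # assumed set of permitted special characters
    )
    if ($Length -lt $classes.Count) { throw "Length must be at least $($classes.Count)" }
    $alphabet = ($classes -join '').ToCharArray()
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            # Every position is drawn from the full alphabet by the CSPRNG.
            $chars = for ($i = 0; $i -lt $Length; $i++) {
                $alphabet[(Get-RandomIndex -Rng $rng -Max $alphabet.Length)]
            }
            $candidate = -join $chars
            # Regenerate the whole password if a class is missing, so no position is ever fixed.
            $ok = $true
            foreach ($c in $classes) {
                if ($candidate.IndexOfAny($c.ToCharArray()) -lt 0) { $ok = $false }
            }
        } while (-not $ok)
    } finally { $rng.Dispose() }
    [pscustomobject]@{
        Password       = $candidate
        # Upper bound: the class check rejects a small fraction of candidates.
        MaxEntropyBits = [math]::Round($Length * [math]::Log($alphabet.Length, 2), 1)
    }
}

New-RandomPassword -Length 19
```

Discarding and redrawing the whole candidate keeps the result uniformly distributed over all passwords that satisfy the policy, which prepending separately chosen characters does not.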
