That’s very nice. I never would have thought of that application of Get-Random.
From: [email protected] [mailto:[email protected]] On Behalf Of Sean Martin Sent: Thursday, February 4, 2016 10:44 AM To: [email protected] Subject: Re: [powershell] Random Password Generator You make a good point. How about this? $randombytes = new-object byte[] 15 (new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randombytes) $pass = [System.Convert]::ToBase64String($randombytes) $a = ([char[]](get-random -input (33..47 + 48..57) -count 4)) -join "" $password = $a + $pass - Sean On Wed, Feb 3, 2016 at 6:36 PM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: The maximum entropy you get from Base64 is 2.58 bits per character, kinda by definition( ln2( 6 ) ). Given that your maximum length is 15 digits, that limits you to ~38 bits of entropy. At a thousand guesses a second, that’s about 8 years to brute force. Not bad. However, you’ve GIVEN UP over 10 bits of entropy because of four constant characters, taking you to about 28 bits of entropy. Believe it or not, having constants makes a password far far easier to crack. (This is why the revelation of a non-random non-prime in netcat/socat is such a big deal – it makes Diffie-Helman much much simpler to crack.) That’s about 3 days to brute force. That is completely believable for someone to spend the time/energy to crack. (And remember, the 3 days assumes that your password is the last one checked, out of the entire “password universe” – on average, assume half that.) So, the lesson here is that 15 bytes of base64 is fine (if impossible to remember). But don’t use constants. Evah. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Sean Martin Sent: Wednesday, February 3, 2016 3:24 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] Random Password Generator I don't get the opportunity to contribute all that often so I thought I would throw this out there in case it helps anyone. I got the method from this article: https://www.scriptjunkie.us/2013/09/secure-random-password-generation/ I modify the resulting password by prepending/appending a couple of special and numerical characters to ensure it meets complexity requirements in my current environment. Easy way to generate a secure password whenever the need arises. Critiques are always welcome. =================================================================== # Generate Random Password $randombytes = new-object byte[] 15 (new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randombytes) $pass = [System.Convert]::ToBase64String($randombytes) $password = "&#" + $pass + "82" Write-Host "" Write-Host "Your password is: " -ForeGroundColor Cyan -NoNewLine Write-Host "$Password" -ForeGroundColor Yellow Write-Host "" Write-Host "" Write-Host "Press enter to exit script..." -ForeGroundColor Cyan $Pause = Read-Host Exit ================================================================== - Sean ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
