
This topic is 5991 days old. Please don't post here. Open a new topic instead.

Posted

I came up with this; any weaknesses you can see? This is to create a random password in a table that will have between 7000-10000 records. I made it 8 characters long, and I took out zeros and shaped it so that the passwords are a little more memorable, for example peg4vev7 or rin4tan8.

Middle ( "bcdfghjklmnpqrstvwxyz" ; ((Random * 100)/5) ; 1 ) &

Middle ( "aeiouaeiouaeiouaeiouaeiou" ; ((Random * 100)/4) ; 1 ) &

Middle ( "bcdfghjklmnpqrstvwxyz" ; ((Random * 100)/5) ; 1 ) &

Middle ( "123456789" ; (Random * 10) ; 1 ) &

Middle ( "bcdfghjklmnpqrstvwxyz" ; ((Random * 100)/5) ; 1 ) &

Middle ( "aeiouaeiouaeiouaeiouaeiou" ; ((Random * 100)/4) ; 1 ) &

Middle ( "bcdfghjklmnpqrstvwxyz" ; ((Random * 100)/5) ; 1 ) &

Middle ( "123456789" ; (Random * 10) ; 1 )

Posted

See this post.

http://fmforums.com/forum/showpost.php?post/293154/

Posted

Weaknesses in which aspect?

In terms of calculation, (Random * 100)/5 is exactly the same as Random * 20, so you could simplify that bit. Also, your calc is prejudiced towards the first letter in the string - it will get picked twice as many times as any other. A better formula would be:

Middle ( string ; Ceiling ( Random * Length ( string ) ) ; 1 )

In terms of security, conforming to a pattern of @@@#@@@# makes a brute-force attack more feasible. I'd have to sit down and make some calculations to say how much easier, but I'd guess significantly - especially since the attacker only needs to see 2 passwords to discern the pattern.
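The calculation the reply above leaves open, worked through as an added example (not code from the thread, and in Python rather than FileMaker calc). It assumes every slot is picked uniformly, uses the character sets from the original formula, and swaps in Python's `secrets` CSPRNG for `Random`; all function names are hypothetical.

```python
import math
import secrets

# Character classes taken from the original post's formula.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 symbols
VOWELS = "aeiou"                       # 5 symbols
DIGITS = "123456789"                   # 9 symbols (zero removed)
CLASSES = {"C": CONSONANTS, "V": VOWELS, "D": DIGITS}
PATTERN = "CVCDCVCD"                   # shape of peg4vev7 / rin4tan8


def keyspace(pattern):
    """Number of distinct passwords a fixed pattern can produce."""
    return math.prod(len(CLASSES[slot]) for slot in pattern)


def entropy_bits(space):
    """Bits of entropy; only valid if every password is equally likely."""
    return math.log2(space)


def generate(pattern=PATTERN):
    """One password, each slot drawn uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(CLASSES[slot]) for slot in pattern)


def collision_probability(n, space):
    """Birthday approximation: chance that n uniform passwords contain a duplicate."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * space))


def compare():
    """Patterned keyspace vs. the same 35 symbols allowed in any position."""
    patterned = keyspace(PATTERN)
    free = len(CONSONANTS + VOWELS + DIGITS) ** len(PATTERN)
    return patterned, free, free / patterned


if __name__ == "__main__":
    patterned, free, ratio = compare()
    print(f"patterned: {patterned:,} (~{entropy_bits(patterned):.1f} bits)")
    print(f"any order: {free:,} (~{entropy_bits(free):.1f} bits)")
    print(f"pattern shrinks the search space by ~{ratio:,.0f}x")
    for n in (7000, 10000):  # record counts mentioned in the original post
        print(f"{n} records: {collision_probability(n, patterned):.1%} chance of a duplicate")
    print("sample:", generate())
```
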

Posted

Classic, the 100/5 or * 20 thing, I was heading off in a different direction when I started and then modified as I went along. Never dawned on me to look at the simple logic to simplify. Thanks for the suggestions!
