Introduction
Recently, one of my projects required a functionality where upon registering a new user in the system a password for the user had to be generated automatically. The requirement also dictated that the password generation process should support things like:
- The minimum password length should be configurable.
- The maximum password length should be configurable.
- Number of uppercase/lowercase letters appearing should be configurable.
- Password should contain at least x number of digits and or symbols.
- Password should be all uppercase or all lowercase or both.
After a little bit of Googling, I came across a very good Password Generator. Unfortunately, this was written in PERL. Since my project was being developed using MS technologies (VB/ASP), I needed a solution using these technologies and that's when I ended up creating this JavaScript function.
Script inputs
The script takes the following four input parameters:
Pattern - This basically defines the password character composition. (Default is autogenerated.)
MinLength - The minimum password length. (Default is 8 characters.)
MaxLength - The maximum password length. (Default is 15 characters.)
AllowDuplicate - Determines, if a character already used can appear subsequently. (Default is False.)
All these parameters are optional. If no values are passed, the script uses the default values. In case of the maximum password length being greater than the pattern string length, the script automatically generates a new pattern string. Actually, this behavior can be altered such that it generates (maxlength - pattern.length) pattern characters only.
Pattern string
The heart of this little script is the pattern string. This string basically contains the following:
- L - Denotes that a lower case English alphabet is desired at this position.
- U - Denotes that an upper case English alphabet is desired at this position.
- 9 - Denotes that a digit between 0-9 is required at this position.
- S - Denotes that a symbol character is desired at this position.
If the pattern string is not specified the script auto generates one. For this, I have used the Math.random function available in JavaScript. The genPattern function basically generates a random number between 1-4 and decides which pattern character to use based on it. This is repeated till the maximum password length is reached:
function genPattern(pintLen)
{
var strRet = "";
var iCntr = 0;
var rndNo = 0;
for (iCntr = 0; iCntr < pintLen; iCntr++)
{
rndNo = Math.floor((4 - 1 + 1) * Math.random() + 1)
switch (rndNo)
{
case 1:
strRet += "9";
break;
case 2:
strRet += "U";
break;
case 3:
strRet += "S";
break;
case 4:
strRet += "L";
break;
}
}
return strRet;
}
Password generation
The actual password is generated by calling the getRandomChar(strCharSet, strProcessed, blnAllowDup) function for each pattern character in the pattern string till the maximum password length is reached.
Conclusion
Overall, this is a very simple script and compared to GeodSoft's password generator, offers limited options/flexibility. However it does satisfy the normal requirements. I checked the generated passwords with GeodSoft's Password Evaluator and found out that the password generated by this script is reasonably strong.
Release history
- 4th Oct, 2005 - First release.
- 28th Jan, 2006 - Bugs fixed. (Thanks to Mike for pointing out these bugs.)
