Better Password Generator

by Dmitry Kirsanov 16. March 2018 02:58

The Why

Like a pro system administrator, I have to reset and generate passwords. A few per day. They are for different purposes and of different kinds – PINs, short passwords, long passwords, the ones for web services, terminals, Windows users – you name it.

Previously, to generate a password I was using Password Safe – the password managing utility originally made by Bruce Schneier. Everything was more or less fine, but in order to use a specific policy (or set of rules) I would have to open my password safe, and I would prefer not to.

I wanted to have a more flexible tool, fast and compact, that would do everything I want and then some more. Eventually I got a few hours to invest into it.

The What

I copied the UI of the password generation dialogue from Password Safe, as it’s both ergonomic and habitual. And then I added a few elements which made this app unique and, let’s be honest, a better tool.

The new features are:

  • Ability to add Cyrillic (Russian) and Chinese (Simplified) characters – either as an addition (mix) or as a replacement for the English alphabet.
  • Use adjacent characters on a standard QWERTY keyboard.
  • Automatically copy generated passwords to clipboard.
  • Some tweaks to how passwords are generated.

Features

Each password has a defined length and groups of characters that it has to include, namely lowercase, uppercase, digits and symbols. For each group you can specify the minimum number of characters that must be present in the password. There can be more, but not fewer. If you specify more characters for the groups than the password has room for (e.g. you want 5 lowercase and 5 uppercase in a 9-character password), the total length of the password will be increased.

Easy To Read

Some characters look like other characters or numbers. In that case it’s better to remove both if you are going to send the password by SMS or if the recipient is expected to struggle while entering it from a screen or paper. For example – O looks like 0, 1 like l (that was lowercase L) or I (uppercase i), and so on.
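The minimum-count rule from Features and the look-alike filter described above, as an added Python sketch (not the application's own code, which is a .NET program). The symbol set, the function names and the use of Python's `secrets` module are assumptions; the look-alike set is the one named in the text.

```python
import secrets
import string

# Look-alike characters named in the post (O/0 and 1/l/I).
AMBIGUOUS = set("O01lI")
GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",  # assumed symbol set
}

def generate(length, minimums, easy_to_read=False):
    """Return a password honouring per-group minimum counts.

    minimums maps a group name to the least number of characters required
    from it; a group mapped to 0 may still appear, an absent group never does.
    """
    if not minimums:
        raise ValueError("select at least one character group")
    pools = {
        name: [c for c in GROUPS[name] if not (easy_to_read and c in AMBIGUOUS)]
        for name in minimums
    }
    # If the minimums add up to more than the requested length, grow it.
    length = max(length, sum(minimums.values()))
    # First satisfy every minimum, then fill the rest from all selected groups.
    picked = [secrets.choice(pools[n]) for n, k in minimums.items() for _ in range(k)]
    everything = [c for chars in pools.values() for c in chars]
    picked += [secrets.choice(everything) for _ in range(length - len(picked))]
    # Shuffle with the OS CSPRNG so required characters do not sit up front.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)

def count_group(password, name):
    """Number of characters in password that belong to the named group."""
    return sum(c in GROUPS[name] for c in password)

if __name__ == "__main__":
    # 5 lowercase + 5 uppercase requested for a 9-character password.
    print(generate(9, {"lower": 5, "upper": 5}))
    print(generate(12, {"lower": 2, "upper": 2, "digit": 2, "symbol": 1}, True))
```
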

Adjacent characters

It’s easier to remember your password if its characters form a geometric figure. And to form one they have to be adjacent. Try to type the PIN 145858 – if you use the right keypad, you will notice that the digits form an easy-to-memorize figure. This feature is great for PIN codes, but could also be used for passwords. Bear in mind that applying this technique to passwords makes them much less secure if an attacker knows that such a principle was applied.
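To put a number on "much less secure", the following added example (not the application's code) counts how many PINs remain possible once every digit must be adjacent to the previous one. The keypad layout, with 0 under 1, and the rule that diagonal neighbours count as adjacent are assumptions, as are the function names.

```python
from math import log2

# Assumed layout: a numeric keypad with 0 under 1; keys count as adjacent
# when they touch horizontally, vertically or diagonally.
KEYPAD = ["789", "456", "123", "0"]
POS = {key: (r, c) for r, row in enumerate(KEYPAD) for c, key in enumerate(row)}

def adjacent(a, b):
    """True when keys a and b are different and touch on the keypad."""
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return a != b and abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1

def is_adjacent_walk(pin):
    """True when every digit of pin is adjacent to the one before it."""
    return all(adjacent(a, b) for a, b in zip(pin, pin[1:]))

def count_adjacent_pins(length):
    """Count PINs of this length whose consecutive digits are all adjacent."""
    ways = {k: 1 for k in POS}  # one-digit walks ending on each key
    for _ in range(length - 1):
        # Extend every walk by one key: sum the walks ending on a neighbour.
        ways = {k: sum(n for p, n in ways.items() if adjacent(p, k)) for k in POS}
    return sum(ways.values())

def report(length):
    """Return (adjacent PINs, all PINs, bits of entropy lost to the rule)."""
    walks, total = count_adjacent_pins(length), 10 ** length
    return walks, total, log2(total) - log2(walks)

if __name__ == "__main__":
    print("145858 is an adjacent walk:", is_adjacent_walk("145858"))
    for n in (4, 6):
        walks, total, lost = report(n)
        print(f"{n}-digit PINs: {walks} adjacent of {total} ({lost:.1f} bits lost)")
```

The same counting works for a QWERTY layout by replacing `KEYPAD`; the loss grows with length because each extra character adds at most eight choices instead of the full alphabet.
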

Pronounceable passwords

Another feature for better memorizing or spelling is Pronounceable Passwords – this way the password is generated as a combination of syllables. This will make your password much less secure, just like using Adjacent characters.

Adding Cyrillic (Russian) characters

The English alphabet contains 26 characters. This means that an 8-character password will have over 208 billion variations. The Russian alphabet contains 33 characters, which makes almost 7 times more variations. Mix them together in a password, and you’ll get a password 703 times stronger than with plain English. It’s fair to say that an 8-character mixed password is stronger than a 10-character English one.

Even if you can’t type Cyrillic, you can still copy-paste them, as they are perfectly normal Unicode (or ASCII CP 855) characters, so if you are using password managing applications, then Cyrillic may serve you well.

Like the English ones, Cyrillic passwords can make use of the Easy to Read, Adjacent and Pronounceable features.

When you select “(mix)”, the password may contain both English and Cyrillic characters, but if you select “Cyrillic letters only”, no English characters will be used.

Note that if you select “easy to read characters” and mix English with Cyrillic, Russian uppercase letters that look like English ones (O,C,K,M,P,T,A,X,B,E) will be replaced with their English counterparts. No lowercase characters will be replaced, although they may look alike too.

Adding Chinese (Simplified) characters

Whether you are Chinese or not, Chinese Simplified characters would make your passwords very impractical to brute force. There are about 2663 characters, which produce passwords about twelve quadrillion times stronger than English for a standard 8-character password. It’s the same as having a 550-character English password. And you can still copy-paste it even if you aren’t Chinese. And if you are, you would have no problem typing it as well.

There are no Easy To Read, Adjacent or Pronounceable features for Chinese, no pun intended.

Named Policies

Once you have created your perfect password, you can save your settings and give them a name. For example – “Pin4”, “Pin6”, “Super Secure” and so on. Usage is quite simple – click “Edit policies” and then it’s straightforward.

The application saves all policies into one file. It’s up to you where it will be stored, and once you save it the app loads it automatically (the file name is stored in the Windows Registry). If there are no more policies left, the file is deleted. You can import the file from one computer to another; importing will preserve existing policies and add those that aren’t in the local repository.

Installation

The application requires .NET Framework 4.5. If you don’t have it, it will let you download and install it automatically – that’s embedded functionality of .NET Framework, no rocket science here.

The application doesn’t require admin privileges or network access. Obviously.

There is no installation file, just unpack the exe from the rar file and run it.

PassGen.rar (52.73 kb)
