Sign in to follow this  
Followers 0
BrewManNH

Password generator using a Latin Square

14 posts in this topic

#1 ·  Posted (edited)

This script is used to create and display Latin Squares and to use them to create a secure password. You would use this to create a password, as an example, by inputting the name of the site you need the password for and pressing the GeneratePW button. The resulting password will be displayed in the red box to the right of the input. The password generator uses up to 6 characters of whatever is typed into the input (n) to create a password whose length is n*2. So, for example, if you were to go to autoitscript.com and you needed a password for it, you would type in autoitscript and generate the password. Because the password generator only uses the first 6 characters, autoit in this case, it would output a 12 character password for you.

Each Latin Square you generate can be used to create 26 different passwords for the same 6 character string by selecting a different starting row for each. Each square can also generate several hundred different passwords for the same character string by selecting a different number of characters to use and a different starting row for each of those. If you also throw in that you can add either a random punctuation character or a random 1 digit number, or both, the combinations for just one square are probably a lot more than you could ever need in a lifetime even if you had to change a password every week. Plus, you can use this script to generate new squares whenever you'd like. Each time you generate a new Latin Square the square is saved to a text file called *.pwf, the filename is determined by generating the password for Autoit using that square and the first row as the starting row.

When you generate a new latin square, there is no control over it's generation, it's random as to what letters are placed where with no row or column having more than one instance of every letter. When you choose the case of the letters, by using the combobox, the mixed mode will always change the case of the letters to be the same every time. I originally had it so that the case was chosen randomly, but that made it virtually impossible to retrieve a password that was previously created.

The way this password generator works is by finding the first letter, of the string you typed in, in the starting row you've selected. It will then search the column that that letter was found in to find the second letter, then searches the row that letter was found in, and so on until it reaches the end of your string or the number of characters you've selected in the combo box. Once it has found the last letter in the search, it repeats the search using the position of that last found letter, and searches either the row or column that the letter is found in. It chooses the search direction based upon the last direction it searched in to find that last character. If it searched a row to find it, it will search the column to find the first letter in your string the second round. Depending upon the direction of the search from the last character of your string to the first character of your string (L->R/R->L/Up/Down) the 2 characters immediately adjacent to the character, and in the direction searched, are chosen for the password string. Alternating between the rows and columns it will continue adding 2 characters for every character in your string.

Searching for the string "autoit" in the square below gives you the resulting password of "XMRUQMOUHPKV" when starting the search from the first row. There is an option to select the case of the letters used to generate the password, the default is a mix of upper and lower case letters, there is also a setting for all lower and all upper case letters as well. The picture below shows how the password is found, the red line is the initial search, and the green line is the password generating search. The purple circles show where the letters are that are used to create the password. The case of the letters in the input string doesn’t matter as the searches aren't case sensitive. After the password is generated and you see it in the red square, it is also copied to the clipboard so that you can paste it into whatever you're working with that needed that password.

Posted Image

There is a checkbox that allows you to add a random punctuation character and/or a number to the password generated for any sites that require it. There are also checkboxes to save, and retrieve saved, passwords. The passwords are saved to a file called "Lsquare.dll", I used this file name only because it helps obscure your password list a tiny bit. This file is automatically encrypted and decrypted using AES 256 encryption whenever it's needed for added security from prying eyes. The file Lsquare.dll is actually an INI file the format of the ini file information is as follows:

section name = input string

key = File name of the pwf file, a space then the starting row # another space and then case used ("M" for mixed, "L" for all lower, "U" for all upper), another space and any punctuation and/or numerical characters added

value = the checkbox indicator for what extra characters were added: "+" = both boxes checked, "S" = punctuation box checked, "N" = number box checked, "0" = no boxes checked

The actual password is never put into the ini file, just the way it was generated, for protection. Plus the ini file is encrypted for even more protection from prying eyes. If you don't have the pwf file used to generate the password none of this information is going to get the password. So, even if you hack the program and get the keys used to encrypt the ini file, it's useless without the correct pwf file.

The "Load" button will allow you to load another password file, there is a verification process to check that the file being loaded is actually a password file or not. After you have loaded a new password file, if you close the program, the next time you reopen it, the last selected pwf will be reloaded, otherwise the last pwf generated will be loaded. If you are running the program for the first time, a new password file will be created and loaded into the listview.

You will need to download Melba23's to use this. I used it to show/hide the square if you wanted to. If you would rather not download that, you can comment out or delete all lines that contain any functions that reference _GUIExtender_. The script will work without using the UDF, but you lose the ability to hide the listview.

This script is heavily commented so that if you're wondering how it all works it should be in there. Also take note that the time needed to generate a new square varies widely, anywhere from a few seconds to over several minutes. The process can get quite complicated as it generates the lines further into the square, and you may see it pausing for a while at some of the lines in the 20's. I put some consolewrite code in that let me follow the progress of the process, and also tells me how many times the line had to be reset before it could come up with a valid line. I've seen the number of attempts at over 3,000 in some cases for just one line.

This script will generate any number of reasonably secure passwords, but it's only as secure as the computer you're using it on and whether or not anyone can access the script, the INI file, and the Latin square file used to generate the password. If you lose the *.pwf file used you won't be able to retrieve the password. If you lose access to the ini file, but still have the *.pwf files, you may be able to recreate the password but it will be very tough to do so because of the numerous factors that determine how the password is generated.

As always, if there are any bugs, or you're not sure how something works, or a modification is politely asked for, please feel free to leave a comment.

You can create a password using more than 6 characters of your passphrase by looking at the comments at lines 560 and 561, just remember, the password generated is twice as many characters as the passphrase used.

LatinSquare.au3 download link

EDIT:Changed download link

Edited by BrewManNH

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites



Link doesnt work! :oops::bye:

Share this post


Link to post
Share on other sites

Link doesnt work! :oops::bye:

Yes it does, it links to Dropbox, so maybe you can't get to Dropbox from where you're trying to download it.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Latin Square Password Generator (and manager/repository). I thought I'd experiment with this program and also perhaps see if I could take advantage of this code to generate a 27x27 grid (advantages: a different way to handle the double letter problem in domain names; easier to keep place visually in grid due to irregular pattern of 27th character; other ideas for using grid manually while keeping hands on keyboard). I'm absolutely new to AutoIt and could use some help. I've glanced at AutoIT several times over the years as it has been highly recommended in some forums but I didn't have sufficient need to make it worth learning. TRIED I installed AutoIt. I downloaded LS (actually, opened and then copied text) and GUIExtender. I unzipped GUIExtender and put the myLS.au3 in the same folder. Several GUIExtender examples work. I can create and run the "hello" script per getting started. BUT when I execute myLS.au3, I get an error: Line 530 .... $ButtonStart = _GUIExtender_Section_Start(0,95) $ButtonStart = ^ ERROR Error: Incorrect number of parameters in function call. I suspect this is because I'm using the new GUIExtender. SETUP Vista Updated IE9 (IE9: thanks Microsoft), FF, and Chrome 31 LS.au3 and GUIExtender.au3 are in the same folder. ISSUES 1. Can't see spoiler "show" in '?do=embed' frameborder='0' data-embedContent>>

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Oops: post yesterday appears to be missing Issues 2,3,4 and Questions 5-8, IIRC. I can't recreate them but I'll try to continue from above anew. The questions were Latin Square specific but the issues varied, IIRC.

ISSUE 1: Can't show spoilers in GUIExtender new version post, so can't read what needs to be changed.

ISSUE 2: Sometimes this forum appears oddly formatted in IE9. Also reproduced twice in another browser (Chrome?). Examples: see page 1 of thread correctly but page 2 is almost just text; Advanced search entry OK but results format lost.

GOAL 1: Use LatinSquare.au3

GOAL 2: Generate a valid 27x27 Latin Square and display/print it. (Just LS, not the complete application.)

GOAL 3: Modify original application to correspond to an easier to use manual system using 4 base characters (versus 6) and 4 character password fragments (versus 2), that is 4x4 instead of 6x2. Author has already identified area that needs to change for number of base characters.

GOAL 4: Maybe a working app with 27x27 grid & 4x4 password.(I can dream!)

QUESTION 1: Is old GUIExtender needed/sufficient? Where can I download old GUIExtender? (Messed up search results are hard to read as are many messed up threads.)

QUESTION 2: Is there an updated LatinSquare script? Can I update it based on instructions I can't display? If so, are instructions elsewhere?

QUESTION 3: Could someone give me a few examples to get me started of what needs to be commented out per author's comment about GUIExtender? Is this just a couple of lines? Dozens?

QUESTION 4: 27x27 Grid. The place I'd start: find all 25 / 26 and change them to 26 / 27; add character (symbol) to allowed string. Gotchas: Lowercase for "27th character/symbol"? Symbols that AutoIt won't process easily (e.g., semicolon). Advice?

QUESTION 5: Has anyone already modified LatinSquare.au3 for 4x4 instead of 6x2? I'd start by increasing the number of LS characters read to 4 and ensuring destination size is sufficient (16 characters -- 18 with digit/symbol. 27x27 adds problem of what to do when "27th character/symbol" is encountered. Advice?

Edited by BillR5

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

 

Does this use letters only? like the image or can it use numbers and other chars like $

 

Perhaps you could elaborate on your question: Seeking a grid of a different size (e.g.,9x9 with numerals)? Or desiring a resulting password that includes several numerals or symbols? Or ???

The script has an option to include a numeral and/or symbol in the output password. As the grid is a (case insensitive alphabetic) Latin Square and the defined method of deriving a password is based on each character appearing exactly once per row and column I'm not sure the question makes sense without context. If you are not familiar with Latin Squares, think Sudoku rows and columns (but no 3x3 subgrids!): that is a 9x9 Latin Square. Or perhaps Sudoku was what you had in mind? And my apologies if you are an applied math major!

@Chimaera, perhaps you would be willing to provide some guidance while I experiment? One of the first things I'll try anyway on the way to growing from a 26x26 grid to a 27x27 grid is to experiment with substituting a symbol for a character in the defined set (A-Z) and track down the U/L case change code. Note, this will "break" the actual app as whatever letter I substitute can no longer be part of the input string (e.g., A-->*, so website name fragment or other passphase can not include "A" so I could not create a password for this site based on the first 6 characters - AUTOIT). Just quickly poking around I don't see an impediment to substituting some special symbols (or numerals) for the initial case insensitive grid population.

I suspect the hardest part of developing this script was coming up with a practical algorithm that would complete the square in both a reasonable amount of time and with acceptable randomness. This last might be a flaw (from an ideal randomness standpoint, a definite flaw) although quantifying it is far beyond me.

Edited by BillR5

Share this post


Link to post
Share on other sites

Im a math dunce m8, i was curious only from the perspective that i always make passwords with other symbols to make them harder for people to break.

BrewmanNH will be the best for guidance not me ;)

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

A strong password (today) should consist of a minimum of 12 characters including uppercase, lowercase and numbers. This applies to English / Western alphabets (62 available characters in total). If you leave out numbers from the selection set, your password will need to be longer than 12 characters. Leave out upper case and it would need to be longer still.

You can easily calculate the minimum password length required based on the set of characters available for selection and maximum speed potential for a defined number of processors (running on one or more machines) trying to brute force it.

If it takes 1000 years to BF on one machine, 1000 hackers will be able to get your password within a year using a combined effort.

Edited by czardas

Share this post


Link to post
Share on other sites

Does this use letters only? like the image or can it use numbers and other chars like $

You can add random punctuation characters if you select it as an option, it will add them to the end of the generated password. The square generation can be modified to include other characters than just letters, but I didn't build it that way as it's more of a hassle.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

I have a few observations after poking around in the Latin Square Password Generator (LSPG) implemented by BrewManNH.

SETUP - The LSPG requires Melba23's GUIExtender UDF. I was somewhat confused because there are at least three versions (my terminology): the original, the "new"(er) original, and the "new"(est). The new(er) matches the LSPG. Download this zip [the new(er)]:

http://www.autoitscript.com/forum/index.php?app=core&module=attach&section=attach&attach_id=36707

near the bottom of

'?do=embed' frameborder='0' data-embedContent>>

but _NOT_ the one in the Melba23 footer [the new(est)].

As BrewManNH notes you can remove/comment out the calls to GUIExtender. This can be accomplished by commenting out approximately 12 individual lines.

ISSUE: 120 DPI - The application does not work well when a user chooses the "Larger scale (120 DPI)" instead of the "Default scale (96 DPI)" for Windows (see "DPI Scaling" or "Adjust font size" in the Control Panel).

- WARNING - 16 character password (7*2+2) overflows password display

- Input/Output: Complete text cannot be displayed.

- Checkbox - Text is hard to read and difficult to select.

- Buttons - Text is truncated

- LS Grid - Complete grid cannot be seen at one time.

CLARIFICATION: Password digit or punctuation symbol - Each named Latin Square has a single randomly selected punctuation symbol and a digit from the set !@#$%^&*()_+}{][ and 0-9, respectively. All passwords based on that named Latin square use one of the four possible suffixes (none, symbol, digit, both). Each time a password is computed, a (different) random suffix set is generated.

WARNING - This means that a password can NOT be recomputed from the same grid (as far as I can tell).

ISSUE - Minimum length test happens before removing non-letters (but after removing white space) so "X!@ #1 23" (with or without quotes!) generates a two character password (based on the single character) despite restriction that initial value must be at least two characters.

ISSUE - When Regenerate (the LS) is pressed and an input string exists and a password also exists, the password remains the old password based on the old named LS. This could create confusion.

ENHANCEMENT: Display revised input value - Given that possibly significant changes may take place I would like to see the actual value used for the calculation.

I'm still investigating a few other ideas but most of them would be enhancements. A few are:

- Adding a more prominent notice/warning while a new Latin Square is being (re)generated. I have a working draft.

- Adding an option to increase the number of password letters per base/input letter from two to three or four (e.g., a base of "XY" would create a six "EjUHMl" or eight letter "EjUHMlaW" password).

- Automatically substituting letters for digits based on the first column of the current named Latin square.

- Automatically substituting letters for a few common symbols such as period and hyphen (common in URLs) and at sign and underscore (common in email addresses). I'm not sure this is actually a good idea but it might be needed to handle very short but valid URLs such as X.COM or BL.UK or G.CN or U.TV or VA (all real! http://va is valid -- no period! -- or try www.va ).

- Multiple duplicate letters (e.g., try AA and AAAA and AAAAAA) can create an internalling repeating password.

- Using a 27x27 grid to reduce duplicate and traversal problems, especially when using the grid manually. After hacking this script to use a 27x27 grid I'm becoming more partial to the idea.

ASIDE / QUESTION - BTW, if anyone has any ideas about why I have to refresh each page sometimes multiple times before the AutoItScript forum displays properly, please pm me. With Chrome I think exactly one refresh per page works.

Edited by BillR5

Share this post


Link to post
Share on other sites

 

ISSUE: 120 DPI - The application does not work well when a user chooses the "Larger scale (120 DPI)" instead of the "Default scale (96 DPI)" for Windows (see "DPI Scaling" or "Adjust font size" in the Control Panel).

- WARNING - 16 character password (7*2+2) overflows password display

- Input/Output: Complete text cannot be displayed.

- Checkbox - Text is hard to read and difficult to select.

- Buttons - Text is truncated

- LS Grid - Complete grid cannot be seen at one time.

That's not an issue with the script, it's an issue any script will have when you use non-standard settings. I don't account for non-standard settings mainly because they're non-standard.

CLARIFICATION: Password digit or punctuation symbol - Each named Latin Square has a single randomly selected punctuation symbol and a digit from the set !@#$%^&*()_+}{][ and 0-9, respectively. All passwords based on that named Latin square use one of the four possible suffixes (none, symbol, digit, both). Each time a password is computed, a (different) random suffix set is generated.

WARNING - This means that a password can NOT be recomputed from the same grid (as far as I can tell).

It can't be recomputed from the same grid, but it can be reconstructed by the use of the INI file it generates (if you've chosen the save option).

ISSUE - Minimum length test happens before removing non-letters (but after removing white space) so "X!@ #1 23" (with or without quotes!) generates a two character password (based on the single character) despite restriction that initial value must be at least two characters.

I developed this as an exercise, it's not heavily error proofed, and there's things done in it that I would definitely do differently today than I did when I wrote this nearly 2 years ago.

I'm still investigating a few other ideas but most of them would be enhancements. A few are:

- Adding a more prominent notice/warning while a new Latin Square is being (re)generated. I have a working draft.

- Adding an option to increase the number of letters per base letter from two to three or four (e.g., a base of "XY" would create a six "EjUHMl" or eight letter "EjUHMlaW" password).

- Automatically substituting letters for digits based on the first column of that named Latin square.

- Automatically substituting letters for a few common symbols such as period and hyphen (in URLs) and at sign and underscore (in email addresses). I'm not sure this is actually a good idea but it might be needed to handle very short but valid URLs such as X.COM or BL.UK or G.CN or U.TV or VA (all real! http://va is valid or try www.va).

It doesn't have anything whatever to do with URLs, that was a suggestion to use this as a password generator for certain URLs such as google, and using that as the input salt.

Feel free to modify this in whatever way you'd think would work best. As I said, I only did it as an exercise to demonstrate the process, and because someone had mentioned it in a post at the time which got me thinking about the best way to do it.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

BrewManNH, you and others have been very generous of your time in developing, polishing, and then posting scripts. A lot of thought clearly went into just developing the basic algorithms and procedures of this one. I will go out on a limb and speculate that this script is much more "finished" than it needed to be just to satisfy your curiosity. Would it be appropriate to describe it as a working and useful prototype?

You have also implemented several features that move LSPG beyond simple password generation to password management (with mandatory password generation).

That's not an issue with the script, it's an issue any script will have when you use non-standard settings. I don't account for non-standard settings mainly because they're non-standard.

Re: 120 DPI

Failure to build for 120 DPI is a pet peeve. I consider this setting a basic option, especially with the prevalence of laptops (small screens), large screens (enough room), and aging eyes (mine!), rather than a non-standard setting. Although most(?) applications work with 120 DPI, given the number of applications it breaks, that view is far from universal. I attempted to document the shortcomings, especially with the password display. I've very roughly fixed the layout to sort of work with 120 DPI although the vertical size still causes problems.

It can't be recomputed from the same grid, but it can be reconstructed by the use of the INI file it generates (if you've chosen the save option).

Re: Suffix

You CAN reconstruct a password provided save option was used (RTFM, sigh -- reread post 1 in this case). The script even does it automatically. I note the distinction in your comment between "recomputed" and "reconstructed".

Initial create:

- Enter string such as Apple

- Check checkboxes for punctuation, digit, and save

- Press GeneratePW

- Note password value (value is also on the clipboard) and also length setting.

Recreate password:

- Check checkbox for Recover Password (Note: Clears other three checkboxes and changes button text)

- Enter a string such as "Apple" (or "BLUEberry")

- A selection box pops up for "Apple" that includes the string without whitespace and non-letters (Apple), the name of the Latin Square, starting row, and suffix options and text (value of punctuation and/or digit for that password). Length is implicit because the modified form of the input string is stored ("Apple" or "BLUEber" assuming the default length of seven).

I developed this as an exercise, it's not heavily error proofed, and there's things done in it that I would definitely do differently today than I did when I wrote this nearly 2 years ago.

I will continue to note errors, omissions, and gotchas from my perspective for the benefit of other users. Eventually someone may undertake maintenance/enhancement. I've already tried to fix a few on my copy but given my AutoIt skills (or rather lack thereof), the mess I've made of your code whaling away at it, and either the insignificance or unfinished state of the changes, the changes are not ready for review. When I accumulate several changes that I am confident do not break anything and are worthwhile, I'll consider posting them for critical review.

I am curious what you would do differently, or at least the categories of change.

It doesn't have anything whatever to do with URLs, that was a suggestion to use this as a password generator for certain URLs such as google, and using that as the input salt.

Re: Possible changes to accommodate URLs

I should not have said "URLs" but rather "domain names". Domain name might be the secondary domain (e.g., "google") or the top two levels (e.g., "google.com"). The advent of custom top level domains (e.g., Google and Apple) may make getting enough initial letters more difficult.

When I was a DBA, I might have used LSPG for the several sets of machine accounts and 200+ db accounts across several releases of production/test/development environments for multiple databases. Now the obvious use of the LSPG is for all those online accounts many of us accumulate (like BillR5 on AutoItScript or the multiple Yahoo, Google, and MSN/HoTMaiL/Live/flavor-of-the-year email accounts) that should be different from each other and reasonably secure. The domain name is an obvious choice for the input string for most of these.

I have come to consider 14 semi-random letters (a-zA-Z) a bare minimum for even an infrequently frequented forum password. Even if LSPG were modified to handle a few more input characters (something that even I could probably manage) or to select sequences of three instead of two letters per input letter, there remains the problem of having the right size input string after modification. If the domain name is very short (like the examples I cited) and/or has several non-letter characters (like a-1.com, another real site), then the generated password will be too short as well. Including the top level domain suffices for most cases but occasionally the period would also be helpful.

Feel free to modify this in whatever way you'd think would work best. As I said, I only did it as an exercise to demonstrate the process, and because someone had mentioned it in a post at the time which got me thinking about the best way to do it.

And think you (or someone) clearly did! And code. And document.

I do have some probably quirky ideas to try out (e.g., fully incorporating the 27x27 grid). Fortunately you have already done most of the work.

Finally, thanks for the _very_ quick reply. I think you all but replied faster than I could fix a few words and add a few lines to my prior post.

Share this post


Link to post
Share on other sites

You could use something like this to make short entries a standard length.

$string = "aol"
If StringLen($string) < 14 Then
    For $I = StringLen($string) To 14
        $string &= "x"
    Next
EndIf
ConsoleWrite($string & @CRLF)

You'd have to adjust the number 14 to whatever you wanted as the standard length, remembering that the password is going to be twice as long as the maxcharacters setting.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • CarlD
      By CarlD
      I'm a command-line kind of guy, and I write scripts primarily for myself.  Since many websites nowadays require strong passwords, I thought I'd write a simple password generator in AutoIt. I know that AutoIt mavens have written more elaborate pw generators; I offer mine for what it's worth. The compiled script, GenPass.exe, can be downloaded here. See below for Help text and source. Enjoy!
      Updates:
      2017-05-06: Default password changed to variable length of 13-22 characters; argument "1" no longer supported
                            When compiled as GenPW.exe, password is sent directly to the clipboard, no message box unless password generation fails.
      2017-05-05: Correction to bypass password generation if argument is ?|H|h
      2017-05-03: Added special argument 1 to generate a password of variable length (10-18 characters) including two (2) separator characters
      2017-05-02: Added option /S to set a (persistent) randomization seed
      Help:
      GenPass.exe|GenPW.exe -- CLD rev. 2017-05-06
      Generate a strong password and save it to the Windows clipboard
      Note: GenPW.exe has the same functionality as GenPass.exe, but
            sends the generated password directly to the clipboard.
            No message box is displayed (unless password generation fails).
        
      "Strong" means that the password contains random combinations of
      alphnumeric characters, including at least one uppercase letter
      (A-N,P-Z), one lowercase letter (a-k,m-z), and one number (0-9).
      (Generated passwords do not use uppercase O or lowercase l as
      these characters are easily confused with the numbers 0 and 1.)
      The length of the password is up to you (see Usage, below),
      but needless to say, the longer, the stronger.
      By default, GenPass generates a strong password of between 13
      and 22 characters that includes two of the following separator
      characters: $%&()*+,-./:;@[]_. Alternatively, you can supply a
      command-line argument in which any number n from 1 to 9 stands
      for a random sequence of alphanumeric characters of length
      n, and any other character stands for itself. Thus, you can
      include fixed words and other characters, such as separators,
      in the generated password. Spaces in the argument are converted
      to underscores. Here are some examples:
      Usage             Sample output
      -----             -------------
      GenPass           MqU26A*6dS-53r8
      GenPass 9         frdhPYDs9
      GenPass 58        weoXYHKxDI1uQ
      GenPass 5.5       UfA6j.43VBB
      GenPass 3-4-3     0I0-6gq4-njc
      GenPass 5,3.7     I2FSR,tRZ.fjeIsFy
      GenPass 3)5(3     UMf)m8513(CBq
      GenPass 3[haha]3  yLa[haha]P3y
      GenPass Yes way5  Yes_way1BsUh
      Seed Option (/S)
      ----------------
      Adding switch /S to the command-line argument causes GenPass to
      set a seed for the random generation of password characters. A
      bare /S sets a randomized seed which is written to disk in a file
      named GenPass.rnd; this seed is used for all subsequent launches
      of GenPass with the bare /S option. Alternatively, you can specify
      a seed (range -2^31 to 2^31-1) on the command line with /S [seed].
      Here are some examples:
      GenPass /S
      GenPass /S 33.3333
      GenPass 5,5,5 /S
      GenPass 5,5,5 /S 33.3333
      Note that any subsequent launch of GenPass without the /S option
      will cause GenPass.rnd to be deleted.
      Source:
      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Outfile=GenPass.exe #AutoIt3Wrapper_UseUpx=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #cs GENPASS.AU3 -- AutoIt v3 CLD rev.2017-05-05 ------------------ Generate a strong password and save it to the clipboard >> Command GenPass ? for detailed help << ------------------------------------------------------- #ce #include <Clipboard.au3> #include <FileConstants.au3> #include <MsgBoxConstants.au3> #include <StringConstants.au3> AutoItSetOption("WinTitleMatchMode", -4) FileInstall ("d:\path\GenPass.htm", @ScriptDir & "\GenPass.htm", $FC_OVERWRITE) ; Template/Seed Local $sTemp = "" Local $bSeed = False, $fSeed=False If $CmdLine[0] Then $sTemp = $CmdLineRaw If $CmdLine[$CmdLine[0]] = "/s" Then $bSeed = True $sTemp = StringTrimRight($sTemp, 2) $sTemp = StringStripWS($sTemp, $STR_STRIPTRAILING) EndIf If $CmdLine[$CmdLine[0] - 1] = "/s" Then $bSeed = True $fSeed = $CmdLine[$CmdLine[0]] $sTemp = StringTrimRight($sTemp, 3 + StringLen($fSeed)) $sTemp = StringStripWS($sTemp, $STR_STRIPTRAILING) EndIf EndIf If Not $sTemp Then $sTemp = "8" If $sTemp = "1" Then $aSeps = StringSplit("#$%&()*+,-./:;@[]_", "") $sTemp = String(Random(3,6,1)) & $aSeps[Random(1,$aSeps[0],1)] & _ String(Random(2,4,1)) & $aSeps[Random(1,$aSeps[0],1)] & _ String(Random(3,6,1)) EndIf $sFn = @ScriptDir&"\GenPass.rnd" If $bSeed Then If Not $fSeed Then If Not FileExists($sFn) Then $fSeed = Random(-1.999^31,1.999^31,0) $h=FileOpen($sFn,2) If $h > -1 Then FileWrite($h,$fSeed) FileClose($h) Else Exit MsgBox($MB_ICONWARNING, @ScriptName, "Error opening " & $sFn) EndIf Else $h=FileOpen($sFn) If $h > -1 Then $fSeed=FileRead($h) FileClose($h) Else Exit MsgBox($MB_ICONWARNING, @ScriptName, "Error opening " & $sFn) EndIf EndIf EndIf SRandom($fSeed) Else If FileExists($sFn) Then FileDelete($sFn) EndIf ; Show help If StringInStr("?Hh", $sTemp) Then If WinExists("[REGEXPTITLE:GenPass.exe:.*]") Then WinActivate("[REGEXPTITLE:GenPass.exe:.*]") Else ShellExecute(@ScriptDir & "\GenPass.htm") EndIf Exit EndIf ; Main $sTemp = StringReplace($sTemp, " ", "_") $iC = 1 While $iC < 10001 $sPW = GenPW($sTemp) If $sPW Then ClipPut($sPW) If Not StringInStr (@ScriptName, "GenPW") Then _ MsgBox($MB_ICONINFORMATION, @ScriptName, $sPW & _ " saved to clipboard" & @CRLF & @CRLF & _ @ScriptName & " ? shows detailed help") Exit Else $iC += 1 EndIf WEnd Exit MsgBox($MB_ICONWARNING, @ScriptName, "Password generation failed!") ;------------------------------- Func GenPw($sTemplate) Local $aIn = StringSplit($sTemplate,"") Local $sOut = "" Local $sABC = _ "0123456789ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz0123456789" Local $aAB = StringSplit($sABC, "") Local $bUC = 0, $bLC = 0, $bNR = 0 For $i = 1 To $aIn[0] If Int($aIn[$i]) Then $iK = $aIn[$i] For $j = 1 To $iK $iR = Random(1, $aAB[0],1) Select Case StringInStr("0123456789", $aAB[$iR]) $bNR = 1 Case StringInStr("ABCDEFGHIJKLMNPQRSTUVWXYZ", _ $aAB[$iR], $STR_CASESENSE) $bUC = 1 Case StringInStr("abcdefghijklmnpqrstuvwxyz", _ $aAB[$iR], $STR_CASESENSE) $bLC = 1 EndSelect $sOut &= $aAB[$iR] Next Else $sOut &= $aIn[$i] EndIf Next If ($bUC And $bLC And $bNR) Then Return $sOut Else Return 0 EndIf EndFunc  
    • Fenzik
      By Fenzik
      ; Title .........: Password
      ; AutoIt Version : 3.3.14.2
      ; Description ...: UDF to work with passwords. Mostly ported from Javascript at http:rumkin.com/tools/password/passchk.php and improved a bit
      ; Author(s) .....: Fenzik + Team Adaptech
      ; #CURRENT# =====================================================================================================================
      ;_Password_Generate
      ;_Password_GetcharsetSize
      ;_Password_GetEntropy
      ;_Password_IsCommonWord
      ;_Password_Startup
      ; ===============================================================================================================================
       
      It's my first UDF so please be nice.:)
       
      If somebody have better idea how to store common dictionary and frequency table please post here...
       
      Have fun!
       
      Fenzik
       
      Password.zip
    • colombeen
      By colombeen
      Hi guys,
      I have a pretty advanced question...
       
      This is the issue i'm facing :
      On a regular basis we need to install pfx certificates (with password protection) on devices from external companies.
      To install the certificate we always have to contact the user, setup a really dull and long process to get an RDP session to that device, install the certificate.
       
      I'm looking for :
      a way to generate exe files on the fly, that will include the pfx file and password, and automatically install them without any interaction from the user, and the user not being able to retrieve the password to install the certificate.
       
      Question :
      Is this possible with AutoIT? And if so, does anyone have a working example for the certificate installation part or the auto generate with file include?
       
      Thx in advance
      colombeen
    • 31290
      By 31290
      Hi Guys, 
      Hope you're fine today!
      I'd like to create a small GUI that, when clicking a button, the password set in the GUICtrlCreateInput is revealed and when the click is released, the password is hidden again. W8/10 style in fact...
      Here's what I have so far:
      #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> Opt("GUIOnEventMode", 1) f_RemedyUpdate() While 1 Sleep(10) Wend Func f_RemedyUpdate() $gMailCreds = GUICreate("SEE CHECKLISTS", 300, 140) GUISetBkColor($Color_White) GUISetFont(8.5, 700, 0) GUICtrlCreateLabel("Password required for your account" , 5, 10) GUICtrlCreateLabel("Your Password:", 10, 70, 100, 30) $g_PassInput = GUICtrlCreateInput("", 110, 66, 150, 20, $ES_PASSWORD) GUICtrlSetColor(-1, 0x800080) $g_ShowPassButton = GuiCtrlCreateButton ("", 270, 67, 16, 16, $BS_ICON) GUICtrlSetImage(-1, "C:\eye.ico") GuiCtrlSetOnEvent ($g_ShowPassButton, "f_ShowPassword") $g_SubmitBtn = GUICtrlCreateButton ("Submit", 120, 100, -1, -1, $BS_DEFPUSHBUTTON) GUICtrlSetOnEvent(-1, "f_SendMail") GUISetOnEvent($GUI_EVENT_CLOSE, "_exit") GUISetState(@SW_SHOW) EndFunc Func f_ShowPassword() $s_PWD = GuiCtrlRead ($g_PassInput) If $s_PWD = "" Then Msgbox (64, "Your password", "You did not type any password") Else Msgbox (64, "Your Password", "You typed --> " & $s_PWD & " <-- as password.") EndIf EndFunc I've enclosed the small ico file I'm using 
      Thanks in advance for any help provided
      -31290
       
      eye.ico
    • Graeme
      By Graeme
      I have code to enter password using the setting $ES_PASSWORD. It seems that with this setting you can't enter more than the letters that fill box. Can anyone tell me how to enter more characters?
      GUICreate("Password Test",500,200) $Input = GUICtrlCreateInput("Password",10,20,40,50,$ES_PASSWORD) GUISetState(@SW_SHOW,"Password Test") While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE GUISetState(@SW_HIDE,"Password Test") ExitLoop EndSwitch WEnd If GUICtrlRead($Input) <> "" Then MsgBox(0,GUICtrlRead($Input),"Done") With this code you can only enter 4 characters of password.