Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #1341 from michaellrowley/patch
Reduced password-generation predictability
  • Loading branch information
EJocys committed Jan 28, 2022
2 parents b93a957 + 4b38be3 commit 7a5b0f5
Showing 1 changed file with 14 additions and 13 deletions.
27 changes: 14 additions & 13 deletions x360ce.Web/Security/Controls/CreateUser.ascx.cs
Expand Up @@ -11,6 +11,7 @@
using SecurityClassesDataContext = JocysCom.WebSites.Engine.Security.Data.SecurityEntities;
using JocysCom.WebSites.Engine.Security;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;

namespace JocysCom.Web.Security.Controls
{
Expand Down Expand Up @@ -131,22 +132,22 @@ protected override void OnInit(EventArgs e)
}

/// <summary>
/// Generate easy to remember password.
/// Generates a pseudorandom password that cannot be predicted.
/// </summary>
/// <returns></returns>
public string NewPassword()
/// <param name="length">
/// The length of the password to be generated,
/// if left to zero - a random password-length will be generated.
/// </param>
/// <param name="charlist">A list of characters from which the password can consist of.</param>
/// <returns>A string representing a securely-generated password.</returns>
public string NewPassword(uint length = 0, string charlist = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!\"£$%^&*()_+=-{}[]:@~;'#/,.<>?\\")
{
var rnd = new Random();
string chars = "qwxzQWZX";
;
string volves = "aeiouyAEIOUY".Replace(chars, "");
string consonants = "bcdfghjklmnpqrstvwxzBCDFGHJKLMNPQRSTVWXZ".Replace(chars, "");
if (length == 0) {
length = (uint)RandomNumberGenerator.GetInt32(12, 32 + 1);
}
string password = string.Empty;

for (int i = 0; i < 8; i++)
{
string choice = (i % 2 == 0) ? consonants : volves;
password += choice[rnd.Next(choice.Length)].ToString();
for (uint i = 0; i < length; i++) {
password += charlist[RandomNumberGenerator.GetInt32(charlist.Length)];
}
return password;
}
Expand Down

0 comments on commit 7a5b0f5

Please sign in to comment.