# RFC on my new little project.



## Kreij (Apr 20, 2011)

I'm writing a little strong password generating program for the fun of it
Here's a pic of the GUI.






I'm looking for input on options and rules to make it useful for variety of purposes.

Thanks!!


----------



## 3870x2 (Apr 21, 2011)

interesting enough, we use these programs to generate user passwords for users on secret / top secret networks when they create an account.

You should try to sell this to the united states army special operations command when you are done with it.


----------



## Fourstaff (Apr 21, 2011)

I was thinking about using "seeds", so you can remember your password, and store your "seed" somewhere safe. Whenever you forget your password(s), retrieve the seed, run it pass the program, and insta retrieve! Much safer than storing your actual passwords somewhere. But that sounds like another project.


----------



## Kreij (Apr 21, 2011)

Fourstaff said:


> I was thinking about using "seeds", so you can remember your password, and store your "seed" somewhere safe. Whenever you forget your password(s), retrieve the seed, run it pass the program, and insta retrieve! Much safer than storing your actual passwords somewhere. But that sounds like another project.



That's what I had planned. An encrypted file to store the data, unecrypted in the GUI.
That's easy enough to do.

But right now I'm just look for input on options/rules. The ones I have show in the GUI are some that I've run across when having to make passwords for various things, and I'm interested in if anyone has seen other options or rules that were required when creating a password.


----------



## CjStaal (Apr 21, 2011)

How about setting the frequency of uppercase/undercase/numeric and special characters. How many of each do you want to use. Also, an option to set "X" amount of normal characters before a special character is used.


----------



## Kreij (Apr 21, 2011)

Thanks, CStall.

I was going to make it so there would never be more that 3 consecutive, similar "types" of characters, but your suggestion got me thinking.
I'm not sure exactly how to implement that as I don't want so many options that the user could potentially make the password less secure through less than judicial use of the options. :/

I'm also going to make the minimum password length 6, as a password length of 3 would not be considered "strong" by any means. 

I added the "Hex Only" option in case someone wants to generate a WEP password.

I should probably use Unicode characters for localization purposes too.

I also was going to allow the user to modify the generated password before accepting it.
That too could potential create a less than secure password, but I can do a "strong check" and warn them before actually committing the password.


----------



## 3870x2 (Apr 21, 2011)

If you can implement a dictionary text file to check against, one of our requirements demands that our passwords do not spell a word, phrase, or a name.


----------



## Kreij (Apr 21, 2011)

Hmmm ... I should probably then prompt for the username for the site also to check for easily broken derivations of the username.
Maybe I'll just take away the ability to modify the generated password. 
The odds of the generated password being anything like the username or a real word would be virtually none.


----------



## Zyon (Apr 21, 2011)

Or, you could give it a message and tell them to 'remember the password and guard it with your lives'


----------



## Kreij (Apr 21, 2011)

The passwords will be stored in an encrypted file, so they only have to remember one key to access them. Of course, if they forget the key they're up the perverbial creek without a paddle.


----------



## Kreij (Apr 28, 2011)

This is going to be encorporated into my Key-Z project.
Please use this thread to see what's going on.


----------

