Random password generators

Hi, I'm not particularly hot on java but thought you might know the answer to this question:
Is it possible for a Java random password generator to give a "rude" password? Recently I've seen a password generated for a user that happened to be very offensive. I guess it is possible?
Any thoughts?

Similar Messages

VBScript Truly Random Number/Password Generators?

So... I have a script that generates random passwords for use in a project in VBS. The code used to generate the password is something that is very similar to this blog post:
http://blogs.msdn.com/b/gstemp/archive/2004/02/23/78434.aspx. And considering every random-number generator in VBS that I was able to find appears to be based (at least, in part)
off of this code, I'm looking for something that is reliable.
The above blog article basically states that the builtin Rnd and Randomize functions are not functionally secure for password generation because of the small number of "seeds" that vbscript has builtin to it's randomize/rnd functions. And because of
this small number of seeds, it's relatively easy to deduce the password because of it. So ultimately, I'm asking to know if there is a reliable way to generate, "truly random" numbers that are secure enough for password values (through random number
-> ANSI character translation)?
The article talks about the Crypto API being able to generate truly random numbers but I wasn't able to find any documentation on how to access the Crypto API from VBS. Can anyone provide any assistance on either of these two questions? Thanks.

@Richard
The Rnd() function does not appear to be good enough for me. I'm testing password generation on different machines at startup and writing those values to AD. What I've seen is a preponderance of either "very close" or identical passwords from
using this general code:
Randomize
rndNum = Int((122 - 33 + 1) * Rnd + 33)
...who's value gets converted to a character and appended to a string that gets repeated x times to generate a password. To show you what spawned this entire thread, my computers (that are all running this at startup), are generating passwords that
look like this:
"ua*td"4poYAp=SlL
#ua+td"4ppZBq>SlL
#vb+ue#5qpZBr>TmM
$wc-vf$6rq[Ds?UnN
$wc-vf$6rq[Ds?UnN
$wc-vf$6rr[Ds@UnN
-%k5$n,>zzdL!H^vV
%wd-vf%6sr\Ds@VoN
&ye.xh&8ts]EtAWpP
&ye/xh&8tt]FuBWpP
(!g0zj(:vu_GwCYrR
(!g0zj(:vu_HwCYrR
)!g1zj(:vv`HwDZrR
)!h1!k):wv`HwDZsS
*"h2!k);wwaIxEZsS
*"i2!k*;xwaIxE[tS
*#i2"l*<xwaIyE[tT
*#i3"l*<xxbJyF[tT
*6"F5%=O11u]2Yo-g
,$j4#m+=yycKzG]uU
,%k5$n,>zycL!H]vV
.'m6&p.@"!eM"I_xX
/'n7&p/@#"fN#J`yX
:2xB1!9K--qY.Uk)c
:2xB1!9K--qY.Uk)c
:2xB1!9K--qY.Uk)c
:2yB1!9K.-qY.Uk)c
:2yB1!9K.-qY.Uk)c
:2yB2":K.-qY.Uk*d
:3yC2":L..qZ/Vk*d
:3yC2":L..qZ/Vk*d
;3yC2":L..rZ/Vl*d
;4zC3#;M/.rZ0Vl+e
;4zC3#;M/.rZ0Vl+e
;4zD3#;M/.r[0Vl+e
?7#G6&>P22v^3Zo.h
?7#G6&>P22v^3Zo.h
?7#G6&>P22v^3Zp.h
?7#G6&>P32v^3Zp.h
?7$G6&>P32v^3Zp.h
?7$G7'?P32v^3Zp/i
?8$G7'?Q32v^3Zp/i
?8$Gn^v.jjS<k8MfF
?8$H7'?Q32v_4Zp/i
@8$H7'?Q33w_4[q/i
@9%I8(@R43w`5[q0j
@9%I8(@R44w`5\q0j
[S?cRBZlNN8zOv2J*
[S@cRB[lON8zOv2K*
[S@cRBZlON8zOv2J*
[T@cSC[mON8zPv2K+
[T@cSC[mON8zPv2K+
[T@dSC[mOO9!Pw2K+
\kW!jZr*ffP8g4IbB
\T@dSC[mOO9!Pw2K+
\T@dSC[mOO9!Pw3K+
\T@dSC[mOO9!Pw3K+
\T@dSC[mOO9!Pw3K+
\TAdSC[mPO9!Pw3L+
\UAdTD\nPO9!Qw3L,
\UAeTD\nPP:"Qx3L,
]UAeTD\nPP:"Qx4L,
]VBeUE]oQP:"Qx4M-
]VBfUE]oQP:#Rx4M-
^VBfUE]oQQ;#Ry4M-
^VCfUE]oRQ;#Ry5M-
^WCfVF^pRQ;#Ry5N.
^WCfVF^pRQ;#Ry5N.
_WCgVF^pRR<$Sz5N.
_WCgVF^pRR<$Sz5N.
_WCgVF^pRR<$Sz6N.
_WCgVF^pRR<$Sz6N.
_XDhWG_qSS<%T!6O/
`XEhWG_qTS=%T!7O/
`YEhXH`rTS=%T!7P0
`YEhXH`rTS=%U!7P0
`YEhXH`rTS=%U!7P0
`YEhXH`rTS=%U!7P0
`YEhXH`rTS=&U!7P0
`YEiXH`rTS=&U!7P0
`YEiXH`rTS=&U!7P0
`YEiXH`rTT=&U"7P0
+#i3"l*<xxbJyF[tT
+#i3"l*<xxbJyF[tT
+$j3#m+=yxbJyF\uU
+$j4#m+=yxbKzF\uU
<4!D4$<M0/s[0Wm,f
<4zD3#;M//s[0Wl+e
<5!D4$<N0/s[0Wm,f
<5!E4$<N0/s\1Wm,f
=5!E4$<N00t\1Xm,f
=5"E4$=N10t\1Xn-f
=6"E5%=O10t\2Xn-g
=6"E5%=O10t]2Xn-g
=6"F5%=O11t]2Yn-g
=6"F5%=O11t]2Yn-g
>6"F5%=O11u]2Yn-g
>6#F5%=O21u]2Yo-g
>6#F5&>O21u]2Yo.g
>7#F6&>P21u]2Yo.h
>7#G6&>P21u^3Yo.h
0(n8'q/A##gO$KayY
0(n8'q/A##gO$KayY
0(o8(r0A$#gO$KazZ
0(o8'q/A$#gO$KayY
0)o9(r0B$#gP%KazZ
0)o9(r0B$#gP%KazZ
0)o9(r0B$$gP%LazZ
1)o9(r0B$$hP%LbzZ
1)o9(r0B$$hP%LbzZ
1*p:)s1C%$hQ&Lb![
1*p:)s1C%%hQ&Mb![
1*p9)s1C%$hQ&Lb![
2*p:)s1C%%iQ&Mb![
2+q:*t2D&%iQ&Mc"\
2+q:*t2D&%iQ'Mc"\
4,s<,v4E('kS(Oe$^
4'm7&p.@"!eN#I_xX
4-s<,v4F('kT)Oe$^
5.t=-w5G)(lT)Pf%_
5.t=-w5G)(lT*Pf%_
5.t=-w5G)(lU*Pf%_
5.t>-w5G))lU*Qf%_
5.t>-w5G))lU*Qf%_
5-s=,v4F((lT)Pe$^
6.t>-w5G))mU*Qf%_
6.t>-w5G))mU*Qg%_
6/u?.x6H*)mV+Qg&`
6/u?.x6H**mV+Rg&`
6/u?.x6H**nV+Rg&`
7/u?.x6H**nV+Rh&`
70v?/y7I+*nV,Rh'a
70v@/y7I+*nW,Rh'a
70v@/y7I++nW,Sh'a
81wA0z8J,,oX-Ti(b
81wA0z8J,+oX-Si(b
81wA0z8J,+oX-Si(b
81wA0z8J,+oX-Si(b
91wA0z8J,,pX-Tj(b
91xA0z8J-,pX-Tj)b
92xA1!9K-,pX.Tj)c
92xA1!9K-,pX-Tj)c
92xA1!9K-,pX-Tj)c
92xB1!9K-,pY.Tj)c
A:&I9)AS54x`5\r1k
A:&I9)AS54x`6\r1k
A9%I8(@R44x`5\q0j
A9&I9)AR54x`5\r1j
aYEiXH`rTT>&U"7P0
aYEiXH`rTT>&U"7P0
aYEiXH`rTT>&U"8P0
aYEiXH`rTT>&U"8P0
aYEiXH`rTT>&U"8P0
aZFiYIasUT>&U"8Q1
What you see above is a snippet of the passwords that each computer generates and writes to AD and then sorted through PowerShell to show the similarities/identicals. I'm only running this on 300ish systems and they seem to be relatively close.
As you stated, I'm not sure if the number generators you provided (which were awesome btw) are necessary but unless I'm implementing the Randomize/Rnd functions completely wrong, these passwords seem to be WAY to close for comfort. I think I'm going
to try a variation of the GUID usage and run it for awhile to see how "frequent" passwords appear similarly:
Low = 33
High = 122
For i=0 to 100
WScript.Echo "END: " & GetRandomInt(Low,High)
Next
Function GetRandomInt(iLowPart,iHighpart)
iLowPartLen = Len(iLowPart)
iHighPartLen = Len(iHighPart)
' Loop through dynamically generated GUIDs until we find a string of characters that meet the criteria
Do
' Generate a starting point to read out of a 32-bit GUID string
Randomize
iGuidLow = Int(((32 - 8) - 1 + 1) * Rnd + 1)
' Generate a GUID
objGuid = CreateObject("Scriptlet.TypeLib").Guid
' Strip out the dashes and braces and pull an 8-character section of the GUID from the provided starting point
strGuid = Mid(Replace(Replace(Replace(CStr(objGuid), "-", ""), "{", ""), "}", ""), iGuidLow, 8)
' Convert back to a number
iGuid = Abs(CLng("&h" & strGuid))
iGuidLen = Len(iGuid)
' Generate the span of characters to generate given the high/low vals
Randomize
iLengthVal = Int((iHighPartLen - iLowPartLen + 1) * Rnd + iLowPartLen)
' Loop through the GUID-fragment-converted-to-number to find a value between the given numeric span
For iStartPos=1 to iGuidLen
iSegment = CInt(Mid(iGuid, iStartPos, iLengthVal))
If iSegment >= iLowPart And iSegment <= iHighPart Then
Exit Do
Else
If iSegment > iHighPart Then
Exit For
End If
End If
Next
Loop Until iStartPos > iGuidLen
GetRandomInt = iSegment
End Function

OIM 11g R2 - User random password Generation

Hi All,
In my case users are getting created in OIM using Trusted source reconciliation and need to populate a random password for each user.
Please suggest me which of the following methods is better and why?
Method 1: Created a post Event Handler and populate password attribute. This case I created a custom Post event handler and populated password attribute and is success but the password stored in database is plain text and so not able login to Adminconsole with same password. So, how to encrypte password and then store in DB?
Method 2: Create entity adapter and attach to user form using Data object manager
Or, please suggest me any other best way.
Thanks in advance.

Hi,
Users are being created thru trusted source recon and password is not automatically getting populated. I verified it, by checking USR_PASSWORD attribute in USR table and it is empty.

Generating a random password and sending a userid through mail to the user

HI,
I have a field named UserID in the process form,this user id can only be accessed by the GIA PROVISIONING ANALYST for updation of the userid to provision the resource to some related id of the user .I want to send this user ID from the process form in a mail to the target user,moreover i also want to include a password field nd also send a random password to the user.In short i want to obtain the values of user id and password send it in a email to the target user

This is the body of my email template:
Request number: <Request Information.Request ID>
The following access has been granted:
Name: <Request Information.List of user targets being requested for>
ID: <User Profile Information.User Login>
Resource: <Object Information.Object Name>
Updated UserID:<Process Data Information.RSS User Name>
In this case the "Updated UserID " is to be obtained from the Process Form and has to be sent in the mail.
"RSS User Name" is the field label in the process form.when this email is sent iam not able to retrieve the values .The same statement ie."Updated UserID:<Process Data Information.RSS User Name>" is displayed in the email .
I have even tried giving <Process Information.RSS User Name> and <Process Data Information.Process Name.RSS User Name> still the value is not obtained.Plz guide me through this.

Pages created a random password for my document on my iPad. I have no idea what it is and I can't open my document. HELP!!!

Pages created a random password for my document on my iPad. I have no idea what it is and I can't open my document. HELP!!!

How old is your son?
Under the Spanner in Pages there is Set Password where you create a password with hint. You really have to deliberately dig this out to do it.
Do you get a hint when you are asked for the password?
The Password is very secure, if you can't remember what it is, you will have to recreate the document.
Peter

How to create a procedure to change randomly passwords

Hello,
I am trying to create a procedure to change randomly passwords for all users in a database. I need this after the database cloning. I have too many users to alter in a manual way...
Is there any option to create a procedure which will fetch all users in a database and alter them by a random password?
I was not able to find any clue.
Could you help me?
Thanks

Welcome to the forum.
change randomly passwords for all users in a database.All users? Including SYS/SYSTEM? I hope not...
But you could use DBMS_RANDOM.STRING and ALL_USERS and dynamic SQL.
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_random.htm#sthref4675
http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/statviews_2114.htm#REFRN20302
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14261/dynamic.htm#LNPLS01101
(easy to find when you do a quick search from http://www.oracle.com/pls/db102/homepage or http://www.oracle.com/pls/db112/homepage)
DBMS_RANDOM.STRING can give you a random password easily:
select dbms_random.string('x', 10)
from   dual
connect by level <= 10;Zo you could do something like:
begin
for rec in ( select t.username
               ,      dbms_random.string('x', 10) new_pass
               from   all_users t
              -- where t.username not in (...)
              -- or
              -- where t.username in (...)
loop
    --execute immediate ' alter user '||rec.username||' identified by '||rec.new_pass;
    dbms_output.put_line ('New password for user '||rec.username||' = '||rec.new_pass);
end loop;
end;
/You'll have to fill in the where-clause yourself/
I also commented out the dynamic alter user statement, since I'm not sure if you really want to reset the pwd's for all users.
Also, instead of using dbms_output.put_line to check the new passwords, you could insert them in a table or spool the output to a file.

Disable random Password generation button on Reset Password popup window.

Hi ALL,
We have a new requirement when user click on reset password tab on "Modify User" page, a pop up window will open with two options :
1) Manually change the Password
2) Auto-generate the Password (Randomly generated)
I want to remove or disable this 2nd option. Can you please guide me what necessary changes required?
Thanks,
Amit

It's easy enough to generate a random password. Use a
constant string containing your alphabet (different
systems have different rules about what characters
are allowed). Then us Random first to generate a
suitable length, then to pick a character from your
alphabet for each slot. If there are further rules
(e.g. "must contain at least one digit") then check
the password you've just generated and if it fails
the test, simply try again.
But this isn't a particularly good system. It allows
anyone to harrass a user by changing their password
if they can guess their user name.
The approach I favour is to send the user a one-time
click-thru URL in an e-mail which allows them to set
their password to anything they chose. That needs a
special table in some data base. You generate a
random token which acts as a one-shot password on a
special "change password" page. As soon as the click
through has been used then the database entry is
deleted so that the token is invalidated. You should
also invalidate the token if they log on in the
normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
So, what to do? :^(
- Saish

How to lock a user by using random password?

hello,
i need to lock a user from a target system by pushing in random passwords for the accounts. i am successfully able to create an adapter that can generate a random string, but the place where i am stuck is that where to use it as i just need to lock the user and not delete it. if the corresponding manager approves the suspension then the account needs to be deleted else again the account needs to be enabled.
Please help!
Thanks!

ok... sorry...
so what i did is that i have created a resource that has to be provisioned to the user if the user is to be terminated, in which the manager will mention the user to be terminated and the reason.
now OIM has to lock the user till the reason that has been given by the manager is deemed valid by the second level manager.
so for that i have a approval and a process form and processes associsted with them. but the problem is that i need to lock the user using the "Entity Adapter" so i need to do so only in the "Data Object Manager" and thus the problem starts as i dont know where to map the adapter that generates the random password so as to lock the user.
please, if you find anything confusing here, go thru the discussion in the whole of the thread.
Thanks!

Getting the random password to user email or manager email

Hi All,
when the user is created then the random password generated successfully.
Now i want sent the generated password to User Email or Manager Email.
For that how can I approch for this.
Regards,
ADR

Write your logic to send email in the same class which is responsible for generating password for user:
Re: Send Mail via java code but using Mail Definitions

Create new random password

Hi,
I use PHP and MySQL within Dreamweaver
I want my client to be able to generate a new random password
for a new member.
How should I do this?
Create a list of random passwords or
can I create it on the fly while registering a new member?
I don't want the new member to create his own password.
Thanks to all people contributing to this forum.
I learned a lot here allready.
I hope you can also help me out with this one.
Jos

> can I create it on the fly while registering a new
member?
That would be the best way.
I have used this to produce random, 8 character passwords
(the database part
is to make sure that they are unique) -
function randomkeys($length)
$pattern =
"234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0;$i<($length);$i++)
if(isset($key))
$key .= $pattern{rand(0,strlen($pattern)-1)};
else
$key = $pattern{rand(0,strlen($pattern)-1)};
return $key;
mysql_select_db($database_selectData, $selectData);
$query_rsPasswords = "SELECT contactPassword FROM
tblcontactdata";
$rsPasswords = mysql_query($query_rsPasswords, $selectData)
or
die(mysql_error());
$row_rsPasswords = mysql_fetch_assoc($rsPasswords);
$totalRows_rsPasswords = mysql_num_rows($rsPasswords);
$masterList=array();
$passwords=array();
$rsPasswordList = mysql_query("SELECT contactPassword FROM
tblcontactdata",$selectData)
or die(mysql_errno()." : ".mysql_error());
while ($rec = mysql_fetch_row($rsPasswordList)){
$passwords[] = $rec[0];
$unique = false;
while ($unique === false) {
$temp = randomkeys(8); // this is generating a random
8-character p/w
if(!in_array($temp, $passwords)) {
$newPassword = $temp;
$unique = true;
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"arnhemcs" <[email protected]> wrote in
message
news:[email protected]...
> Hi,
>
> I use PHP and MySQL within Dreamweaver
> I want my client to be able to generate a new random
password for a new
> member.
>
> How should I do this?
> Create a list of random passwords or
> can I create it on the fly while registering a new
member?
> I don't want the new member to create his own password.
>
>
>
>
> Thanks to all people contributing to this forum.
> I learned a lot here allready.
>
> I hope you can also help me out with this one.
>
> Jos
>

Random Password Generator

Hi everyone, I made this Password Generator that does what I want, but I'd like to extend its functionality. Right now it creates a random password from an array of letters and numbers.
import java.io.*;
import javax.swing.*;
import java.util.*;
*Version 0.1:
*creates several random passwords using numbers,
*uppercase and lowercase letters
*Version 0.2:
*add a save feature
public class PasswordGeneratorV02
    public static void main(String[] args)
         * Define all variables and create all objects here
        // create the Number and Letter arrays
        Integer[] numberList = new Integer[10];
        String[] letterList = new String[12];
        //Variable to continue the while loop
        Boolean cont = true;
        //Scanner used to continue or not
        Scanner input = new Scanner(System.in);
        //Stores the user input
        String answer;
         * End variables
        //fill the letterList array
        //need to find a more efficient way to do this
        //and add all the letters of the alphabet
        letterList[0] = "a";
        letterList[1] = "F";
        letterList[2] = "c";
        letterList[3] = "R";
        letterList[4] = "y";
        letterList[5] = "O";
        letterList[6] = "p";
        letterList[7] = "W";
        letterList[8] = "q";
        letterList[9] = "n";
        letterList[10]= "E";
        letterList[11]= "w";
        // fill it with numbers 0-9
        for (int i=0; i < numberList.length; i++)
            numberList= i;
// make both arrays lists so we can shuffle them
List list = Arrays.asList(numberList);
List list2 = Arrays.asList(letterList);
//Start the output to user
System.out.println("Welcome to the random password generator!");
System.out.println("This program will create a random 20 character alphanumeric password.");
System.out.println();
//Shuffles the array contents then prints it out.
while(cont == true)
// shuffle the list
Collections.shuffle(Arrays.asList(numberList));
Collections.shuffle(Arrays.asList(letterList));
// print out the shuffled array contents
for (int i : numberList)
System.out.print(i + letterList[i]);
System.out.println();
System.out.println("Press Enter for a new password. Q to quit.");
answer = input.nextLine();
//check to see if user wants to quit
if(answer.equalsIgnoreCase("q"))
cont = false;
System.out.println("Goodbye...");
}I would like to change/add two things.
1st, I want to change the array of letters to include the full alphabet(lower and uppercase), with out having to type it in.
2nd, I would like to add a save feature where the user types in "S" at the prompt and it will allow them to save the password as a text file.
Thanks in advance.

Ok well, I googled around and found something.
The output now displays letters, but it no longer shuffles them around. For example:
6A8B7C4D2E0F5G1H3I9J
Every letter is just the next letter in the alphabet. How would I shuffle an array of chars?
New code:
import java.io.*;
import javax.swing.*;
import java.util.*;
*Version 0.1:
*creates several random passwords using numbers,
*uppercase and lowercase letters
*Version 0.2:
*add a save feature
public class PasswordGeneratorV02
    public static void main(String[] args)
         * Define all variables and create all objects here
        // create the Number and Letter arrays
        Integer[] numberList = new Integer[10];
        char[] letterList = "ABCDEFGHIJKLMNOPQRSTUWVXYZabcdefghijklmnpqrstuvwxyz".toCharArray();
        //Variable to continue the while loop
        Boolean cont = true;
        //Scanner used to continue or not
        Scanner input = new Scanner(System.in);
        //Stores the user input
        String answer;
         * End variables
        // fill it with numbers 0-9
        for (int i=0; i < numberList.length; i++)
            numberList= i;
// make both arrays lists so we can shuffle them
List list = Arrays.asList(numberList);
List list2 = Arrays.asList(letterList);
//Start the output to user
System.out.println("Welcome to the random password generator!");
System.out.println("This program will create a random 20 character alphanumeric password.");
System.out.println();
//Shuffles the array contents then prints it out.
while(cont == true)
// shuffle the list
Collections.shuffle(Arrays.asList(numberList));
Collections.shuffle(Arrays.asList(letterList));
// print out the shuffled array contents
for (int i=0;i<numberList.length;i++)
System.out.print(numberList[i] + String.valueOf(letterList[i]));
System.out.println();
System.out.println("Press Enter for a new password. Q to quit.");
answer = input.nextLine();
//check to see if user wants to quit
if(answer.equalsIgnoreCase("q"))
cont = false;
System.out.println("Goodbye...");

Random password generation

Hi All,
We have a link on login page "Forgot Password" ?
As users clicks the link, idea is he goes to page that has emails address and submit button.
As user enters his emails address and clicks submit, the mechanism gemerates a new password and sends it over to his email address.
My question is, "I dont know how to generate that new random password."
Is there a code around, that I can use ?
thanks a lot,
pp

It's easy enough to generate a random password. Use a
constant string containing your alphabet (different
systems have different rules about what characters
are allowed). Then us Random first to generate a
suitable length, then to pick a character from your
alphabet for each slot. If there are further rules
(e.g. "must contain at least one digit") then check
the password you've just generated and if it fails
the test, simply try again.
But this isn't a particularly good system. It allows
anyone to harrass a user by changing their password
if they can guess their user name.
The approach I favour is to send the user a one-time
click-thru URL in an e-mail which allows them to set
their password to anything they chose. That needs a
special table in some data base. You generate a
random token which acts as a one-shot password on a
special "change password" page. As soon as the click
through has been used then the database entry is
deleted so that the token is invalidated. You should
also invalidate the token if they log on in the
normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
So, what to do? :^(
- Saish

Do random number generators (RNGs) depend on sequential number generation?

Hi,
I know that random number generators (RNGs) are guaranteed to be random as N (the number of numbers generated) approaches infinity, but what does the specification say about throwing away the RNG after a single use?
That is, is there a difference between generating 1000 numbers using the same generator versus generating 1000 generators and reading at one number from each?
Is there a difference between the normal RNGs and the cryptographically-strong ones for this?
I ask because I am wondering whether a web server needs to maintain a RNG per client session, or whether it can share a single generator across all clients, or whether it can create a new generator per HTTP request. Does any of this affect how random the resulting numbers will be (from the client point of view, as T approaches infinity)?
Thank you,
Gili

ghstark wrote:
cowwoc wrote:
I know that random number generators (RNGs) are guaranteed to be random as N (the number of numbers generated) approaches infinityHow do you know this? it is a challenge just to come up with a formal definition for the "random" in "random number generators".
Wasn't this covered in your [earlier thread|http://forums.sun.com/thread.jspa?threadID=5320382&messageID=10369834] ?
You're right, but what bothered me about that thread is that the replies concluded that since there is no practical proof that SecureRandom has a problem that should be good enough. I'm looking for a code sniplet guaranteed by the specification (hence portable across implementations) to generate random numbers. No one has yet to provide such an answer.
What's to guarantee that if I move to a different platform, vendor or even a different version of Sun's JVM that my code won't magically break? Verifying randomness isn't a trivial matter.

Reset Password :Non Random Password

When an admin resets a users password via Reset User Password workflow a random password is generated. In the Reset User Password workflow I am unable to identify the activity that does the generation. I would like to instead set a default static password, is this possible?
Thank you,
Clear

Hi,
Actually password generation is part of Reprovision process in Reset User Password workflow. can see below trace :
Argument op = reProvision
Argument accountId = KSolanki
Argument options = object
Argument retryEnable = true
Calling application 'com.waveset.provision.WorkflowServices'
Application requested argument op
Application requested argument user
Application requested argument options
Application requested all arguments
Application requested argument subject
Application reference retryInfo = null
Application requested argument retryEnable
Application assignment retryInfo.timeout = 0
Application reference retryInfo =
<Object>
<Attribute name='timeout'>
<Integer>0</Integer>
</Attribute>
</Object>
Application requested argument doResources
Application reference AllowPasswordGeneration = null
Application requested argument allowPasswordGeneration_
~ Ketan

How to create a javabean that generate random password?

May i know how to create a javabean that can generate random password?
that include character and string
and length of 10.

i created a class file for my java bean
package autogenerate;
import java.util.*;
public class GeneratePwId
private int MemId;
private String Passwd;
public GeneratePwId(){}
public String getPasswd()
return this.Passwd;
public void setPasswd()
char[] letters = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'J', 'K', 'L', 'M', 'N', 'P', 'R', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
'm', 'n', 'p', 'q', 'r', 's', 't', 'u',
'v', 'w', 'x', 'y', 'z', '0', '1', '2',
'3', '4', '5', '6', '7', '8', '9' } ;
String pwd = "" ;
while( pwd.length() < 10 )
pwd += letters[ (int)( Math.random() * letters.length ) ] ;
this.Passwd = pwd;
i successfully compile my java file. and try to test it by writing a jsp file.
here is my jsp code
<html>
<head>
<title>
Try retrieving password
</title>
</head>
<body>
<jsp:useBean class"autogenerate.GeneratePwId" id="bean0" scope="page"/>
<%=bean0.getPasswd()%>
</body>
</html>
but i encounter this error
org.apache.jasper.compiler.ParseException: /jsp/GetPasswd.jsp(7,18) Attribute class has no value
anyone can teach me how to solve this problem?
thanks a alot!

Random password generators

Similar Messages

Maybe you are looking for