Password generation
This summer, I wrote some useful Java classes for generating random passwords.
Creating a random password can be useful in situations such as the following:
- A user forgot his password for our application. Our application sends an email with a new temporary password.
- We want to verify that a mobile phone number submitted by a user is correct. Our application sends an SMS with the new temporary password.
- A user of our application creates a new account for his colleague or family member. Our application creates a temporary password for that account.
- For our own purposes. We want to create a good password for our personal usage.
Creating a random password is not as easy as might be thought. There are two common errors:
- The generated password is an inelegant word, for example: “1something2”. We don’t want to send such a password to our potential clients.
- The generated password contains problematic characters, for example: “1” and “l” or “O” and “0”. This causes trouble when the user retypes the password from one device to another, e.g. from a mobile phone to a web application running on a laptop.
That’s why in my application I create passwords in the form: 2 letters followed by 1 digit followed by 2 letters followed by 1 digit and so on. For example: ab2cd3ef4. Of course, the randomly generated password contains only safe characters.
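The scheme described above, written out as an added example (this is not the library's code). The class name, the exact alphabets (lowercase letters without i, l, o; digits without 0, 1) and the use of SecureRandom are assumptions; the page does not say which characters or which random source the library uses.

```java
import java.security.SecureRandom;

/** Hypothetical class for illustration; not part of jakubiak-generators. */
public class PatternPasswordExample {
    // Assumed alphabets with look-alike characters removed.
    private static final String LETTERS = "abcdefghjkmnpqrstuvwxyz"; // 23 symbols
    private static final String DIGITS = "23456789";                 // 8 symbols

    // SecureRandom rather than java.util.Random: the output is a credential.
    private final SecureRandom random = new SecureRandom();

    /** Position i holds a digit when i % 3 == 2, otherwise a letter: ab2cd3ef4 */
    private static String alphabetAt(int index) {
        return index % 3 == 2 ? DIGITS : LETTERS;
    }

    public String generate(int length) {
        if (length < 1) {
            throw new IllegalArgumentException("length must be positive");
        }
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            String alphabet = alphabetAt(i);
            // nextInt(bound) is uniform over [0, bound), so there is no modulo bias.
            sb.append(alphabet.charAt(random.nextInt(alphabet.length())));
        }
        return sb.toString();
    }

    /** Number of distinct passwords of the given length under this pattern. */
    public static double combinations(int length) {
        double total = 1;
        for (int i = 0; i < length; i++) {
            total *= alphabetAt(i).length();
        }
        return total;
    }

    public static void main(String[] args) {
        PatternPasswordExample generator = new PatternPasswordExample();
        for (int length : new int[] {4, 8}) {
            double count = combinations(length);
            System.out.printf("%d chars: %s  (%.0f combinations, %.1f bits)%n",
                    length, generator.generate(length), count, Math.log(count) / Math.log(2));
        }
    }
}
```

The printed bit counts show how small the 4-character space is, so a password of that length only works as a one-time value that expires quickly and allows a limited number of attempts.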
I decided to publish these classes to the open source community. You can use my library in your application on LGPL terms. Here is an example of usage:
    // create a new one time password for sending via sms or email
    // (4 chars - about 1e5 unique combinations)
    String password = new PasswordGenerator().generate();

    // create a new strong password
    // (8 chars - about 1e10 combinations)
    String strongPassword = new StrongPasswordGenerator().generate();
Using this library is simple for Maven2 fans. If you are not already a fan of Maven2, I advise you to become one. In your Maven2 application, add a dependency to the pom.xml file:
    <dependency>
      <groupId>eu.jakubiak</groupId>
      <artifactId>jakubiak-generators</artifactId>
      <version>1.0-SNAPSHOT</version>
    </dependency>
You have to download and build the source by typing:
    svn checkout http://jakubiak-generators.googlecode.com/svn/trunk/ jakubiak-generators-read-only
    cd jakubiak-generators-read-only/jakubiak-generators/
    mvn clean install
You should see the success message. Now the installation is complete and you can use this library.
By the way, I also wrote classes for creating a random MD5 number and for creating a random key. MD5 is obvious. Random MD5 numbers are commonly used in web applications, for example as a session cookie. In such a scenario the KeyGenerator class is an improved replacement for the random MD5. The KeyGenerator class creates a huge random number, bigger than the MD5 (“bigger” in this case means that a potentially larger number is possible). This number is encoded using 62 URL-safe characters: a-z, A-Z, 0-9. Thanks to that, its string representation is shorter and safer than a hexadecimal-encoded MD5.
    // create a statistically unique key
    // (22 URL-safe chars - about 2e39 unique combinations)
    String key = new KeyGenerator().generate();

    // create a random MD5 and encode it in hexadecimal
    // (32 chars - 2^128 combinations)
    String md5 = new Md5HexGenerator().generate();
You can also write your own generator by implementing the IGenerator interface.