
.NET C# Reset Password - Random!

Tags: c#, .net

I have done the usual Google searches and I think I am correct in saying there is no random password generator in the .NET Framework. The intentions are to reset passwords in AD for forgetful users.

This is bound to be an issue in the next stage of penetration testing. I want to avoid the response "oh yeah, I just knocked up my own generator thingy".

What are the recommendations? Surely I cannot rely on the .NET Random class and an array of characters.

Cheers.

youwhut asked Feb 16 '10 09:02


2 Answers

While you should not rely on the Random for anything that relates to security, you should be fine using the RNGCryptoServiceProvider to generate the random data needed for building new passwords.

Also, there actually is a method in the BCL for generating random passwords, but it's hidden away in the System.Web assembly. The static method Membership.GeneratePassword can generate passwords of length specified by the caller.

The GeneratePassword method is used to generate a random password and is most commonly used by the ResetPassword method implemented by a membership provider to reset the password for a user to a new, temporary password.

The generated password only contains alphanumeric characters and the following punctuation marks: !@#$%^&*()_-+=[{]};:<>|./?. No hidden or non-printable control characters are included in the generated password.

The documentation does not seem to contain any information regarding how the password is created, but the source code is available for you to have a look.

Jørn Schou-Rode answered Sep 27 '22 20:09


If you really want true randomness you should use the RNGCryptoServiceProvider class instead of Random for such tasks. Here's an example of how to create a random password in .NET.

Darin Dimitrov answered Sep 27 '22 20:09
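
A sketch of the approach both answers point to, as an added example that is not part of the original thread: characters are drawn with RNGCryptoServiceProvider, using rejection sampling so that mapping random bytes onto the alphabet introduces no modulo bias. The class name, method name and alphabet are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the original answers). PasswordGenerator, Alphabet
// and Generate are hypothetical names chosen for this sketch.
public static class PasswordGenerator
{
    // Constructed alphabet: look-alike characters (0/O, 1/l/I) are left out so
    // a help desk can read a temporary password aloud without ambiguity.
    private const string Alphabet =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%*-_+=?";

    public static string Generate(int length)
    {
        if (length < 1) throw new ArgumentOutOfRangeException(nameof(length));

        // Largest multiple of Alphabet.Length that fits in a byte's 256 values.
        // Bytes at or above it are discarded; without this step,
        // "b % Alphabet.Length" would favour the first
        // (256 % Alphabet.Length) characters of the alphabet (modulo bias).
        int limit = 256 - (256 % Alphabet.Length);

        var result = new char[length];
        var buffer = new byte[length * 2]; // spare bytes to cover rejections
        int filled = 0;

        using (var rng = new RNGCryptoServiceProvider())
        {
            while (filled < length)
            {
                rng.GetBytes(buffer); // cryptographically strong random bytes
                foreach (byte b in buffer)
                {
                    if (b >= limit) continue; // reject to keep the draw uniform
                    result[filled++] = Alphabet[b % Alphabet.Length];
                    if (filled == length) break;
                }
            }
        }
        return new string(result);
    }

    public static void Main()
    {
        Console.WriteLine(Generate(16));
    }
}
```

The generator does not guarantee that every character class appears, so a domain complexity policy can reject an individual result; generate a fresh password in that case instead of patching characters in by hand.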