Generate Random Passwords

Whether you’re at a help desk resetting passwords or setting up service accounts, you always need to be able to generate good random passwords. You know, the kind nobody wants to type more than once.

The "correct horse battery staple" method popularized by XKCD strings together four words to create a password with lots of entropy. Some cryptographers question how well something like that would work. Bruce Schneier advises against such methods.

This is why the oft-cited XKCD scheme for generating passwords — string together individual words like “correcthorsebatterystaple” — is no longer good advice. The password crackers are on to this trick.

With that fad out the door, we might as well go back to the tried and true random password, the kind that is still safe against brute force attacks. Below are two functions I use to generate new passwords.

Generating Passwords

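First up is ConvertFrom-CharToPhonetic. This function does one thing: it turns each character into its NATO phonetic alphabet equivalent. The word is printed in upper case when the character is a capital letter, a digit or a symbol, and in lower case when the character is a lower-case letter, so the case of every letter can be read off the spelling.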

Function ConvertFrom-CharToPhonetic {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$String
    )
    BEGIN {
        # Build the lookup table once. Hashtable literals are case-insensitive,
        # so 'A' and 'a' both resolve to 'Alfa'.
        $Translator = @{
            'a' = 'Alfa';
            'b' = 'Bravo';
            'c' = 'Charlie';
            'd' = 'Delta';
            'e' = 'Echo';
            'f' = 'Foxtrot';
            'g' = 'Golf';
            'h' = 'Hotel';
            'i' = 'India';
            'j' = 'Juliett';
            'k' = 'Kilo';
            'l' = 'Lima';
            'm' = 'Mike';
            'n' = 'November';
            'o' = 'Oscar';
            'p' = 'Papa';
            'q' = 'Quebec';
            'r' = 'Romeo';
            's' = 'Sierra';
            't' = 'Tango';
            'u' = 'Uniform';
            'v' = 'Victor';
            'w' = 'Whiskey';
            'x' = 'X-ray';
            'y' = 'Yankee';
            'z' = 'Zulu';
            '0' = 'zero';
            '1' = 'one';
            '2' = 'two';
            '3' = 'three';
            '4' = 'four';
            '5' = 'five';
            '6' = 'six';
            '7' = 'seven';
            '8' = 'eight';
            '9' = 'nine';
            '*' = 'asterisk';
            '+' = 'plus';
            ',' = 'comma';
            '-' = 'dash';
            '.' = 'period';
            '/' = 'forward slash';
        }
    }
    PROCESS {
        # Collect one word per character. Characters outside the table are skipped.
        $Words = foreach ( $Char in $String.GetEnumerator() ) {
            [string]$Value = $Translator["$Char"]
            if ( $Char -cmatch '[a-z]' ) {
                # Lower-case letter: lower-case word
                $Value.ToLower()
            }
            elseif ( $Char -cmatch '[0-9A-Z*+,./-]' ) {
                # Capital letter, digit or symbol: upper-case word.
                # The dash sits last in the class so it is read literally, not as a range.
                $Value.ToUpper()
            }
        }
        # Building the result locally keeps a $msg variable in the caller's
        # scope from leaking into the output.
        $Words -join ' - '
    }
}

Get-RandomPassword has one parameter, Length. Pass in how long you’d like your string to be.

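Function Get-RandomPassword {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 2147483647)]
        [int]$Length
    )
    # Character codes for * + , - . / 0-9, A-Z and a-z (68 characters)
    $AvailableChar = 42..57 + 65..90 + 97..122
    # Draw each position independently. Get-Random -Count on the whole set
    # samples without replacement: no character could repeat and the output
    # would stop at 68 characters however large $Length is.
    $ReturnString = -join ( 1..$Length | ForEach-Object {
        [char]( $AvailableChar | Get-Random )
    } )
    Write-Host "Phonetic Spelling -> $(ConvertFrom-CharToPhonetic -String $ReturnString)" -ForegroundColor Yellow
    Write-Output $ReturnString
}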

Using both functions together produces a random password with the phonetic spelling printed to the console.

Is Get-Random Secure?

You may have seen echoes on the internet that Get-Random isn’t secure for password generation. I reached out to Lee Holmes via Twitter and he confirmed that, as of v4, Get-Random is safe to use for password generation. Lee is a Lead Security Architect for Azure Management at Microsoft.
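
For scripts that may run on a PowerShell version older than v4, or where a reviewer wants the random source spelled out, the characters can be drawn straight from the .NET cryptographic generator. This is an added example, not code from the original post; the function name New-CsprngPassword is hypothetical, and the alphabet is the same 68 characters Get-RandomPassword uses.

```powershell
function New-CsprngPassword {   # hypothetical name, not part of the original post
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 1024)]
        [int]$Length
    )
    # Same alphabet as Get-RandomPassword: * + , - . / 0-9 A-Z a-z
    $Alphabet = [char[]](42..57 + 65..90 + 97..122)

    # Rejection sampling: 256 is not a multiple of 68, so a plain
    # "byte % 68" would favour the first 52 characters. Bytes at or above
    # the largest multiple of 68 that fits in a byte (204) are thrown away.
    $Limit = 256 - (256 % $Alphabet.Length)

    $Rng     = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Buffer  = New-Object byte[] 64
    $Builder = New-Object System.Text.StringBuilder
    try {
        while ($Builder.Length -lt $Length) {
            $Rng.GetBytes($Buffer)          # fill the buffer from the OS CSPRNG
            foreach ($Byte in $Buffer) {
                if ($Byte -lt $Limit -and $Builder.Length -lt $Length) {
                    [void]$Builder.Append($Alphabet[$Byte % $Alphabet.Length])
                }
            }
        }
    }
    finally {
        $Rng.Dispose()
    }

    # Each position is an independent, uniform pick, so the search space is
    # 68^Length, about 6.09 bits of entropy per character.
    $Bits = [Math]::Round($Length * [Math]::Log($Alphabet.Length, 2), 1)
    Write-Verbose "Approximate entropy: $Bits bits"

    $Builder.ToString()
}
```

Pipe the result to ConvertFrom-CharToPhonetic to get the spoken form, and add -Verbose to see the entropy estimate for the chosen length.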