In the first part of this entry, it was shown how its possible that a password from a normal user would significantly be weaker than that from a complex and randomly generated one.

**Note:**in the strictest sense, there is no such thing as an uncrackable password. Passwords can be uncrackable only in theory, i.e. the mathematical probability of a password being guessed correctly-- no matter how infinitesimally small the odds are, the possibility of a right guess is always present. Also, passwords are uncrackable only technically-- given enormous resources and time any password can be cracked.

Here is a function for a truly random and complex password generator which is based on the formulas given in the first part of this entry:

DELIMITER $$ DROP FUNCTION IF EXISTS `randomPasswordGenerator` $$ CREATE DEFINER=`root`@`localhost` FUNCTION `randomPasswordGenerator`( ) RETURNS varchar(64) CHARSET utf8 BEGIN DECLARE charCount TINYINT(1) DEFAULT 0; DECLARE charDiceRoll TINYINT(2); DECLARE randomChar CHAR(1); DECLARE randomPassword CHAR(8) DEFAULT ''; REPEAT SET charCount = charCount + 1; SET charDiceRoll = 1 + FLOOR(RAND() * 94); IF (charDiceRoll <= 32) THEN SET randomChar = ELT(charDiceRoll, '`', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '=', '_', '+', '[', ']', '{', '}', '\\', '/', '|', '?', ';', ':', '\'', '"', ',', '.', '<', '>'); ELSEIF (charDiceRoll >= 33) AND (charDiceRoll <= 68) THEN SET charDiceRoll = charDiceRoll - 33; SET randomChar = CONV( charDiceRoll, 10, 36); ELSE SET charDiceRoll = charDiceRoll - 59; SET randomChar = LOWER( CONV( charDiceRoll, 10, 36) ); END IF; SET randomPassword = CONCAT(randomPassword, randomChar); UNTIL (charCount = 8) END REPEAT; RETURN randomPassword; END $$ DELIMITER ;

This function will return an 8-character password string. Each character has an equal chance of 1/94 to be generated. Given a short period of time and a normal amount of resources, this qualifies as a

**theoretical technically uncrackable password.**It can be modified to return a longer password length or even a random length, say between 8-12 characters long. A separate user defined function, randomRangePicker(), can be used, if refactoring is desired.

The output can be checked with a simple SELECT statement:

SELECT randomPasswordGenerator();

See the first part of this entry or a similar random string/name generator.

## No comments:

Post a Comment