Skip to content

Shuffling the password to avoid having a subset of characters in fixed positions. #1058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
asfgit merged 1 commit into from
Nov 22, 2015
Merged

Shuffling the password to avoid having a subset of characters in fixed positions. #1058

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 17 additions & 8 deletions utils/src/main/java/com/cloud/utils/PasswordGenerator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@
package com.cloud.utils;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Random;

/**
Expand Down Expand Up @@ -48,14 +51,19 @@ public static String generateRandomPassword(int num) {
password.append(generateAlphaNumeric(r));
}
} else {
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));

// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i < num - 3; i++) {
password.append(generateLowercaseChar(r));
List<Character> passwordChars = new ArrayList<Character>();
passwordChars.add(generateLowercaseChar(r));
passwordChars.add(generateUppercaseChar(r));
passwordChars.add(generateDigit(r));

for (int i = passwordChars.size(); i < num; i++) {
passwordChars.add(generateAlphaNumeric(r));
}

Collections.shuffle(passwordChars, new SecureRandom());

for (char c : passwordChars) {
password.append(c);
}
}

Expand Down Expand Up @@ -87,4 +95,5 @@ public static String generatePresharedKey(int numChars) {
return psk.toString();

}

}
39 changes: 31 additions & 8 deletions utils/src/test/java/com/cloud/utils/PasswordGeneratorTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,36 @@ public void generateRandomPassword() {
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() == 3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(5).length() == 5);
String password = PasswordGenerator.generateRandomPassword(8);
// TODO: this might give more help to bruteforcing than desired
// the actual behavior is that the first character is a random lowercase
// char
Assert.assertTrue(Character.isLowerCase(password.charAt(0)));
// the second character is a random upper case char
Assert.assertTrue(Character.isUpperCase(password.charAt(1)));
// and the third is a digit
Assert.assertTrue(Character.isDigit(password.charAt(2)));

Assert.assertTrue(containsDigit(password));
Assert.assertTrue(containsLowercase(password));
Assert.assertTrue(containsUppercase(password));
}

private boolean containsUppercase(String password) {
for (char c : password.toCharArray()) {
if (Character.isUpperCase(c)) {
return true;
}
}
return false;
}

private boolean containsLowercase(String password) {
for (char c : password.toCharArray()) {
if (Character.isLowerCase(c)) {
return true;
}
}
return false;
}

private boolean containsDigit(String password) {
for (char c : password.toCharArray()) {
if (Character.isDigit(c)) {
return true;
}
}
return false;
}
}