PowerShell for Security: PassWord Gen Part 2

Did it again

2021-05-10 - I wrote an article on Password Generators.

The goal of that pass-gen was to have a script in my $Profile that would simply work on both PowerShell 5.1 & PowerShell 7+. The goal was also to cover AD complexity rules, and it did just that.

However, this time I’ve taken a whole new bull by the horns. While looking for a NuGet package for password generators, out of curiosity about how a .NET/C# developer would tackle the challenge that is coding a password generator, I stumbled upon “PasswordGenerator”.

To my surprise, the package has reached 1.6 million(!!!) downloads. I figured this package must be something special, some sort of holy grail of pass gens. And while I’m no C# expert, I’m always up for a challenge!

So I shamefully forked the repository and started working on a binary PowerShell cmdlet that would mimic the NuGet package. 7 versions and 29 commits later, “BinaryPasswordGenerator” was born!

It’s fast…

It’s customizable

The cmdlet is highly customizable, just like the NuGet package. This opens up new use cases that the former script did not cover:

  • Backend engine for generating passwords in GUI/web scenarios (like a NuGet package)
  • PIN/One Time Pass generations (usually 4-8 digit codes)
  • More user-friendly passwords (example: lowercase + numeric)
  • Supports up to 128 char length passwords
  • It’s wicked fast, meaning it scales better

Examples

# By default, all characters are available for use and the length is 16
# Will return a random password with the default settings
New-Password

# Same as above, but you can set the length. Must be between 4 and 128
# Will return a password which is 32 characters long
New-Password -Length 32

# Will return a password which only contains lowercase and uppercase characters and is 21 characters long
New-Password -IncludeLowercase -IncludeUppercase -Length 21

# You can build up your requirements by adding parameters, like -IncludeNumeric
# This will return a password which is just numbers and has a default length of 16
New-Password -IncludeNumeric

# As above, here is how to get lower, upper and special characters using this approach
New-Password -IncludeLowercase -IncludeUppercase -IncludeSpecial

# This is the same as the above, but with a length of 128
New-Password -IncludeLowercase -IncludeUppercase -IncludeSpecial -Length 128

# One Time Passwords
# If you want to return a 4 digit number you can use this:
New-Password -IncludeNumeric -Length 4

Using together with other PowerShell modules:


# Convert to SecureString
$pw = New-Password | ConvertTo-SecureString -AsPlainText -Force

# Set a password in your SecretVault using Secret Store/Management
Set-Secret -Name 'User' -Secret (New-Password -Length 128) -Vault PSVault

Get-Secret User
System.Security.SecureString

Get-Secret User -AsPlainText
u%4EkQlMpVjPnO5VM5tYcnUE!F!D3wvhB8w595LXqIEAny1XC4OVn4\x!1Q79Nlj!QwK!zBVkFUAHVy44iEIO2icVE0meAz3YEWudP9UdKrjbrp8nJ8DECVll2Uq!kt5
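
How much strength each parameter combination above can offer, and whether the result would pass the AD complexity rule, as an added example that is not part of this post or of the BinaryPasswordGenerator module. The function names, the special-character count of 8, the minimum length of 7 and the sample strings are assumptions made for the illustration.

```powershell
# Added example; nothing here calls or comes from the module itself.
function Get-PasswordEntropyBits {
    param(
        [ValidateRange(4, 128)][int]$Length = 16,   # range and default as stated on the page
        [switch]$IncludeLowercase, [switch]$IncludeUppercase,
        [switch]$IncludeNumeric, [switch]$IncludeSpecial,
        [int]$SpecialCount = 8                      # ASSUMPTION: size of the special-character set
    )
    # As on the page: with no Include* switch, all character classes are used.
    $all = -not ($IncludeLowercase -or $IncludeUppercase -or $IncludeNumeric -or $IncludeSpecial)
    $pool = 0
    if ($all -or $IncludeLowercase) { $pool += 26 }
    if ($all -or $IncludeUppercase) { $pool += 26 }
    if ($all -or $IncludeNumeric)   { $pool += 10 }
    if ($all -or $IncludeSpecial)   { $pool += $SpecialCount }
    # Upper bound: assumes every character is drawn uniformly from the pool.
    [math]::Round($Length * [math]::Log($pool, 2), 1)
}

function Test-AdComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [int]$MinLength = 7                         # ASSUMPTION: set to your domain's minimum length
    )
    # AD complexity: characters from at least three categories.
    # The "must not contain the account name" rule is not checked here.
    $classes = 0
    if ($Password -cmatch '[a-z]')        { $classes++ }
    if ($Password -cmatch '[A-Z]')        { $classes++ }
    if ($Password -cmatch '[0-9]')        { $classes++ }
    if ($Password -cmatch '[^a-zA-Z0-9]') { $classes++ }
    ($Password.Length -ge $MinLength) -and ($classes -ge 3)
}

# Parameter sets mirror the page's examples; the sample strings are constructed.
$cases = @(
    @{ Name = 'default';           Params = @{};                                           Sample = 'Tr7#kLmq9Zx2%Wb4' }
    @{ Name = 'lowercase+numeric'; Params = @{ IncludeLowercase = $true; IncludeNumeric = $true }; Sample = 'k3mwp9xq2rt7bn5a' }
    @{ Name = '4-digit PIN';       Params = @{ IncludeNumeric = $true; Length = 4 };       Sample = '4821' }
)
foreach ($c in $cases) {
    $p = $c.Params
    [pscustomobject]@{
        Case        = $c.Name
        EntropyBits = Get-PasswordEntropyBits @p
        MeetsAD     = Test-AdComplexity -Password $c.Sample
    }
}
```

The lowercase + numeric and PIN cases fail the three-category check, so they suit one-time codes or non-AD systems, and a short numeric code depends on attempt limiting and expiry rather than on its own strength.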

Happy coding

/Emil