Skip navigation

Random Passwords on Demand

HTA makes it easy to generate random passwords


Executive Summary:
Using strong passwords is a necessity nowadays. To create strong passwords, you can use RandPass.hta. This HTML Application provides a simple GUI that lets you generate a list of random passwords in seconds. You can make the passwords as long as needed (up to 128 characters) and as complex as needed (you can use uppercase letters, lowercase letters, numbers, and/or symbols).

It's often useful to be able to generate random passwords for various uses. For example, your backup strategy might require you to use a privileged account that's protected with a long and complex password. To make it easy to generate random passwords, I wrote RandPass.hta, which you can download by clicking the Download the Code Here button at the top of the page. As Figure 1 shows, this HTML Application (HTA) has an easy-to-use GUI.

Figure 1: RandPass.hta's GUI

You just choose the types of characters the random passwords should include, the length of the passwords, and the number of passwords the HTA should generate. When you click the Generate Passwords button, the HTA populates the list box with randomly generated passwords meeting the specified criteria. RandPass.hta can generate up to 128 passwords of up to 128 characters each. The Copy to Clipboard button will copy the entire list to the clipboard. You can also select and copy passwords using a mouse.

By default, RandPass.hta generates random passwords using English uppercase letters, English lowercase letters, and the numbers 0 through 9. You can also select Symbols, which contains the following:

! # $ ' * + , - . / : ; = ? @ \[ \ \] _ \{ \} ~

Some symbols (e.g., " < >) have special interpretations when used at a command prompt, so I intentionally skipped them to avoid potential problems. If the list of characters isn't sufficient for your needs, open RandPass.hta in a plain-text editor (such as Notepad) and scroll down to the lines of code shown in Listing 1.

Listing 1: Code That Defines RandPass.hta's Character Classes

Modify the characters between the double quotes and save the file. Note that the backslash (\) is doubled because the backslash is JScript's escape character. Also, if you want to include the double quote (") in the Symbols set, you must escape it with a backslash (i.e., \") to avoid a syntax error.

Inside the HTA

The most interesting part of RandPass.hta is the code that makes it work. Like any HTA, RandPass.hta consists of HTML tags and code that responds to events. Table 1 lists the HTML tags that correspond to the application's GUI elements.
Table 1: RandPass.hta's GUI Elements and Associated HTML Markup
GUI Element HTML Markup
Check boxes
Input boxes
Submit button
Text area
Standard buttons

RandPass.hta uses four check boxes (for the character classes), two input boxes (for the Password length and Number of passwords fields), a submit button (for the Generate Passwords button), a text area (for the list of passwords), and three standard buttons (for the Copy to Clipboard, Clear List, and Close buttons).

When you press Enter or click the Generate Passwords button, RandPass.hta executes the generate function, shown in Listing 2. First, the generate function builds a string of characters based on the character classes selected on the form. It examines each check box and, if checked, appends the specified characters from the class to the string. If none of the check boxes were selected, the function displays an alert message.

Next, the generate function retrieves the data entered into the Password length and Number of passwords fields. The function uses JScript's parseInt method to attempt to parse both values as base 10 numbers. If the parsing fails (e.g., the value isn't a number), the function displays an alert message.

At this point, the function has determined that at least one character class was selected and that both the Password length and Number of passwords fields contain valid numbers, so it's ready to generate the random passwords. (I'll describe how this works in a moment.) The function builds a newline-delimited string of random passwords, updates the text area on the form, and enables the Copy to Clipboard and Clear List buttons.

Generating a Random Password

Callout A in Listing 2 shows the code that the generate function uses to create the newline-delimited list of random passwords. JScript's random method returns a pseudo random floating-point value between 0 (inclusive) and 1 (exclusive); that is, it returns a value that can be 0 but will always be less than 1. The list of possible characters is stored in a string, so the generate function needs a number between 0 (the first character in the string) and the total number of characters in the string. To do this, the function uses the formula
r * n

where r is the pseudo random floating-point value returned from the random method and n is the number of possible characters (i.e., the number of characters in the list of possible characters). This operation results in a floating-point value, so the function uses JScript's floor method to truncate the value to an integer. The floor method returns the largest integer value that's less than or equal to its argument. For example, floor(7.0), floor(7.2), and floor(7.8) all return 7. The function uses JScript's charAt method to return a random character from the list of possible characters and appends this to the password string.

After the generate function has generated a random password, it appends the password to the newline-delimited list of passwords, as shown in callout B in Listing 2. This line of code uses JScript's ternary (? :) operator to create the list. In JScript, the expression x ? y : z is equivalent to the more verbose expression

if (x)

After it generates the list of passwords, the generate function updates the value of the text area on the form and enables the Copy to Clipboard and Clear List buttons, as shown in callout C in Listing 2.

Copying the List to the Clipboard

With the click of a button, you can copy the list of passwords to the clipboard. When you click the Copy to Clipboard button, RandPass.hta executes the copyToClipboard function in Listing 3.

Listing 3: The copyToClipboard Function

The copyToClipboard function's logic is simple. First, it reads the value from the text area on the form. If the value isn't an empty string, the function uses the setData method of the clipboardData object. The clipboardData object is a property of the HTML window object, which represents an open window in a browser. The setData method's first argument is the format of the text. This argument must be either "text" or "URL". The second argument is the data to be sent to the clipboard. If the setData method fails, the copyToClipboard function displays an alert message.

Easily Generate Random Passwords

You no longer need to come up with random passwords on your own. Add RandPass.hta to your toolkit and generate as many random passwords as you need.

Listing 2: The generate Function

// Executes when the Generate Passwords button is clicked.
function generate() \{
  var chars, len, num, m, n, pwds, pwd;

  // Build a string based on the check boxes.
  chars = "";
  if (id("uppercase").checked) chars += UPPER_CHARS;
  if (id("lowercase").checked) chars += LOWER_CHARS;
  if (id("numbers").checked)   chars += NUMBER_CHARS;
  if (id("symbols").checked)   chars += SYMBOL_CHARS;

  // Complain if none of the check boxes are selected.
  if (chars 

"") \{ window.alert("Select at least one character class."); id("uppercase").focus(); event.returnValue = false; return; \} // Parse the password length field as base 10 number. Complain // if the value is not a number or outside the allowed range. len = parseInt(id("len").value, 10); if (isNaN(len) || (len MAX_PASSWORD_LENGTH)) \{ window.alert("Enter a number in the range 1 to " + MAX_PASSWORD_LENGTH + "."); event.returnValue = false; id("len").focus(); return; \} // Parse the number of passwords field as a base 10 number. Complain // if the value is not a number or outside the allowed range. num = parseInt(id("num").value, 10); if (isNaN(num) || (num MAX_PASSWORD_NUMBER)) \{ window.alert("Enter number in the range 1 to " + MAX_PASSWORD_NUMBER + "."); event.returnValue = false; id("num").focus(); return; \} // Clear the list of passwords. id("passwords").value = ""; // The pwds variable will contain a newline-delimited list of // random passwords. The code generates a random password, stores // it in the pwd variable, and appends it to the pwds variable. pwds = ""; for (m = 0; m
// Begin Callout A
    pwd = "";
    for (n = 0; n 
// Begin Callout B
    pwds += pwds 

"" ? pwd : "\n" + pwd; // End Callout B \} // Update the password list and enable the Copy to Clipboard and // Clear List buttons.
// Begin Callout C
  id("passwords").value = pwds;
  id("copydata").disabled = false;
  id("clear").disabled = false;
// End Callout C
TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.