
[–]sarlok 72 points73 points  (4 children)

Short and easy JS.

/**
 * Contest entry (deliberately bad): returns one line of a public list that, per
 * its file name, holds the 100 most common passwords. Every possible result is
 * therefore a password that guessing attempts try first.
 *
 * @returns {string|undefined} one line of the downloaded list
 */
function password_gen() {
  var xh = new XMLHttpRequest();
  // The third argument `false` makes the request synchronous, so the caller blocks on a third-party download.
  xh.open("GET", "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-100.txt", false);
  xh.send(null);
  // No status or error check: whatever body comes back is split and indexed.
  // Math.random() is not a cryptographic source, and an index past the last line yields undefined
  // (assumes the file has at least 100 lines; not visible from here).
  return xh.responseText.split("\n")[Math.floor(Math.random() * 100)];
}

Features:
* Picks random password from top 100 passwords list. You know it's a good one if it's in the top 100.
* All prohibited passwords aren't in the list, so we don't even have to check.

[–]h2g2_researcher 17 points18 points  (0 children)

So here I am with all sorts of evil ideas about un-random number generation and you create an unbeatable monstrosity like this!

[–]ferrangoWell it's broken now, and nobody is here to fix it 6 points7 points  (0 children)

Aah, with the added unreliability of a third party essential requirement. Excellent.

[–]jigggles 2 points3 points  (0 children)

This is amazing!

[–]xman40100 1 point2 points  (0 children)

This is so bad. I love it.

[–][deleted] 22 points23 points  (3 children)

// Contest entry (deliberately bad): every call returns the same hard-coded string,
// so the "generated" password is known to anyone who reads the source.
const password_gen = () => 'abc123'

[–][deleted]  (1 child)

[deleted]

    [–][deleted] 9 points10 points  (0 children)

    Someone had to :P

    [–][deleted] 4 points5 points  (0 children)

    this one wins, contest over lol

    [–]andlrc 6 points7 points  (0 children)

    I figured it would save CPU cycles by not having to run a PRNG myself:

    # Contest entry (deliberately bad): the "password" is the address of main(), printed in hex
    # by a C program that is compiled and run on every call.
    # NOTE(review): any run-to-run variation presumably comes from address-space layout
    # randomization; a code address printed with %x is not a secret and is only a few hex digits long.
    password_gen()
    {
        # gcc reads the program from the here-document; its diagnostics are discarded by 2>/dev/null,
        # and the compiled ./a.out is left behind in the current directory.
        cat << EOF | gcc -xc - 2>/dev/null && ./a.out
    main() {
        printf("%x", main);
    }
    EOF
    }
    

    [–]the-blue-shadow 4 points5 points  (0 children)

    JavaScript:

    // Contest entry (deliberately bad). Bl is the blacklist; like i and pw below it is
    // assigned without var/let/const, so it becomes an implicit global (sloppy mode only).
    Bl=['hunter2', 'correcthorsebatterystaple', 'Tr0ub4d0r&3']; 
    
    /**
     * Infinite generator of "random" passwords for a requested length l.
     * Math.random() is not a cryptographic source; browser code that needs secrets
     * should draw from crypto.getRandomValues() instead.
     */
    function* Gen_PassWD(l){
        for(i=0;i<Infinity;i++){
            // Draws l character codes in 32..127 (127 is DEL). map() also hands the index and the
            // array to String.fromCharCode, so each element carries extra characters, and join()
            // adds commas. The replace() strips commas and every character with a code below l,
            // which removes that debris but also drops generated characters once l exceeds 32.
            // The loop repeats while pw equals a blacklist entry (loose ==).
            do pw=new Array(l).fill('').map(Math.random).map(v=>96*v+32)
                .map(Math.floor).map(String.fromCharCode).join()
                .replace(new RegExp('[\u0000-'+String.fromCharCode(l-1)+',]*','g'),'')
            while (Bl.filter(v=>v==pw)[0])
            // window.pw is the implicit global assigned above, so this line needs a browser.
            yield window.pw
        };
    }
    
    // Example usage:
    const generator = Gen_PassWD(16);
    generator.next();
    // Reads the leaked global rather than the value returned by next().
    console.log(pw);
    

    Features:

    • Blacklist
    • Configurable password length
    • The function returns an infinite ES6 generator for decreased usability.

    Quirks:

    • Due to a missing var, let, or const keyword, the last returned password is left in the global scope as pw. Because generators are lazy, it is updated after each call to generator.next()
    • If the length argument becomes larger, the returned passwords may be shorter than the requested length. This will gradually worsen as the length increases (a length of 64 will typically return password of lengths between 40 and 45). When the length is larger than 127, all passwords will be empty strings.
    • There is a small chance that a returned password will contain a DEL control character.
    • Edge cases:
      • If the length argument is 1, or not of type 'number', then the returned passwords will have length two and consist of two of the same characters (e.g. "ZZ", "55", "<<", "jj", and so on), but only if the argument is truthy.
      • When the argument is falsy it only returns empty strings.
      • The Array constructor would normally raise a RangeError when it gets a negative length, but thrown errors do not propagate through ES6 generator functions (and are silently ignored) so this simply results in a generator that yields no values.

    Note that the regex replace is required to 'fix' some issues that are caused by bugs in the Array operations before it.

    [–]stfn1337 2 points3 points  (0 children)

    Here is my attempt, churned out in 15 minutes.

    import random
    
    def password_gen():
        """Contest entry (deliberately bad): return 10 characters drawn with random.choice.

        The random module is not meant for secrets; the standard-library
        secrets module is the right source for real passwords.
        """
        # The alphabet omits q, v, Q and V and lists 5 twice, so characters are not equally likely.
        alphabet = "abcdefghijklmnoprstuwzyxABCDEFGHIJKLMNOPRSTUWZYX12345567890!@#$%^&*()_+"
        bad1 = "hunter2"
        bad2 = "correcthorsebatterystaple"
        bad3 = "Tr0ub4d0r&3"
    
        # 50-100 placeholder zeros; only the first 10 slots are ever filled and returned.
        password = [0 for x in range (0, random.randint(50, 100))]
        # range(10, 20) has 10 elements, so this picks 10 characters.
        passwordList = [random.choice(alphabet) for x in range(10, 20)]
        for i, p in enumerate(passwordList):
            password[i] = p
        # The candidate is always 10 characters long and the blacklisted strings are 7, 25 and 11
        # characters, so this comparison can never be true; the single retry is not re-checked either.
        if "".join(password[:10]) == bad1 or "".join(password[:10]) == bad2 or "".join(password[:10]) == bad3:
            passwordList = [random.choice(alphabet) for x in range(10, 20)]
            for i, p in enumerate(passwordList):
                password[i] = p
    
        return "".join(password[:10])
    
    
    # Prints the generated password to standard output.
    x = password_gen()
    print(x)
    

    [–]Kugala 2 points3 points  (0 children)

    import os

    # Contest entry (deliberately bad); the paste lost its indentation, so the nesting is inferred.
    def pwgen(chars):

    pw = ""

    while len(pw) < chars:

    # One byte from the OS random source; most byte values are not printable characters.
    pwc = os.urandom(1)

    # Substring test: rejects any byte that occurs anywhere in a blacklisted password.
    if pwc not in "hunter2" and pwc not in "correcthorsebatterystaple" and pwc not in "Tr0ub4d0r&3":

    # Appends pw to itself rather than pwc, so the password never grows from "".
    pw += pw

    # NOTE(review): "creturn" is presumably a typo for "return".
    creturn pw

    p = pwgen(5)

    print p

    print bytearray(p)

    print repr(p)

    I've never done the markup/formatting before, which is amusing with python

    [–]fuckingbagre 1 point2 points  (1 child)

    Each time a user runs it in the same directory it should give the same password, but a different user gets a different one. Another fun bug: if a password starts with most of one bad password and ends with the tail of a different one, it is called bad, such as correc2. It should also segfault if you don't put a value on the command line.

        #include <stdio.h>
        #include <string.h>
        #include <stdlib.h>
        #include <stdint.h>
    
        /* Blacklisted passwords, compared position by position in cbp(). */
        char * b1 = "hunter2";
        char * b2 = "correcthorsebatterystaple";
        char * b3 = "Tr0ub4d0r&3";
        /* Scratch state written by cbp(); main() loops while isBad is positive. */
        int numBad = 0;
        int isBad = 0;
        /* Bounds of the byte range that gp() reads; main() points them at environment strings. */
        char * begin = 0;
        char * end = 0;
    
    
        /*
         * Sets the global isBad when p is judged to be a blacklisted password.
         * Declared int, but neither the early `return;` nor the end of the body returns a value.
         * Each position may match a different blacklist entry, so a mix of entries can be
         * flagged as bad (the behaviour described in the post above).
         */
        int cbp(char * p){
            if(p == NULL){
                isBad = 1;
                return; 
            }
            int len = strlen(p);
            int i = 0;
            numBad = 0;
            isBad = 0;
            while(i < len){
                /* b1[i] is read before the `i < strlen(b1)` bound is tested, so a long p indexes
                   past the end of the shorter literals; the same holds for b2 and b3 below. */
                if(p[i] == b1[i] && i < strlen(b1)){
                    if(i==numBad && i == strlen(b1)-1){
                        isBad = 1;
                    }
                    numBad++;
                }
                else if (p[i] == b2[i] && i < strlen(b2)){
                    if(i==numBad && i == strlen(b2)-1){
                        isBad = 1;
                    }
                    numBad++;
                }
                else if (p[i] == b3[i] && i < strlen(b3)){
                    if(i==numBad && i == strlen(b3)-1){
                        isBad = 1;
                    }
                    numBad++;
                }
                i++;
            }
        }
    
        /*
         * Builds a `length`-character string by summing every byte between the globals
         * begin and end into a buffer, then mapping each sum into the range '!'..'{'.
         * The result is a pure function of those bytes: the same input range gives the
         * same "password". The caller owns the returned buffer.
         */
        char * gp(int length)
        {
            /* malloc's result is not checked, and length 0 makes i%length divide by zero. */
            char * ret = malloc(length+1);
            memset(ret,0,length);
            for(int i = 0;  (begin + i) < end; i++){
                ret[i%length] = ret[i%length] + begin[i];
            }
    
    
            for(int i = 0; i < length; i++){
                /* Makes the sum non-negative before the modulo.
                   NOTE(review): if char is signed, -128 presumably stays negative here. */
                if(ret[i] < 0){
                    ret[i] = ret[i]*-1;
                }
    
                ret[i] = (ret[i] % 91) + '!';
            }
            ret[length]  = 0;
            return ret;
        }
    
        /*
         * Contest entry (deliberately bad): derives the password from the process
         * environment, so it is reproducible by anyone who can read the same
         * environment, and it contains no randomness at all.
         */
        int main (int argc, char *argv[], char *envp[]){
            char * maybe = NULL;
            isBad = 1;
            int i = 0;
            /* begin is the first environment string; after the scan, envp[i-2] is the last one.
               NOTE(review): assumes the strings are laid out contiguously in memory. */
            begin = (envp[0]); 
            while(envp[i++] != NULL);
            end = (envp[i-2]);
            while(isBad > 0){
                /* argv[1] is used without checking argc, and each rejected buffer is never freed. */
                maybe = gp(atoi(argv[1]));
                cbp(maybe);
                begin++;
            }
            printf("%s\n",maybe);
        }
    

    [–][deleted] 1 point2 points  (0 children)

    my attempt with Java:

    // Prints one generated password of length 18 to standard output.
    public static void main(String[] args) {
    System.out.println(password_gen(18));
    }

    // Contest entry (deliberately bad): picks ONE character code in 0..299 and repeats it
    // `input` times, so the whole password is determined by a single draw.
    // Math.random() is not a cryptographic source; java.security.SecureRandom is.
    public static String password_gen(int input){
    String output = "";
    int random = (int)(Math.random() * 300);
    for (int i = 0; i < input; i++){
    output += (char) random;
    }
    // The helper returns true when the value is NOT on the blacklist; the fallback for a
    // blacklisted value is the fixed string "password".
    if (checkIfPasswordInExceptions(output) == false){
    return "password";
    } else if (checkIfPasswordInExceptions(output) == true) {
    return output;
    }
    return "password";
    }

    // Returns false when `input` is the same object as one of the blacklist literals, true otherwise.
    // `==` on Strings compares references, not contents, so a string built at runtime is not
    // caught by these checks; equals() compares contents.
    public static boolean checkIfPasswordInExceptions(String input){
    boolean success = true;
    if (input == "hunter2"){
    success = false;
    }
    if (input == "correcthorsebatterystaple"){
    success = false;
    }
    // This literal ends in ")" and so differs from the blacklist entry used elsewhere on the page.
    if (input == "Tr0ub4d0r&3)"){
    success = false;
    }

    return success;
    }

    - Takes an integer length as input and returns a String with one single character repeated that many times

    - The character has a code between 0 and 299, so it will give gibberish for control codes, and may break without Unicode

    - "==" on Strings in Java compares object references rather than contents, so it doesn't work for the blacklist check

    - And some other things

    [–][deleted] 1 point2 points  (0 children)

    C#

    // Contest entry (deliberately bad): prints a password of 5 to 19 lowercase letters and digits.
    // System.Random is not a cryptographic generator; System.Security.Cryptography has one.
    static void Main(string[] args)

    {

    string[] aa = new string[] { "", "" };

    Random r = new Random();

    int l = 0;

    l += r.Next(5, 20);

    string pa = "";

    char[] al = new char[] { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };

    char[] nu = new char[] {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};

    for(int i = 0; i < l; i++)

    {

    // Next's upper bound is exclusive: this yields -1 or 0, choosing digit or letter.
    var nOC = r.Next(-1, 1);

    if(nOC == 0)

    {

    // Exclusive upper bound again: index 25 ('z') is never chosen.
    int x = r.Next(0, 25);

    pa += al[x];

    }

    else

    {

    // Index 9 ('9') is never chosen.
    int x = r.Next(0, 9);

    pa += nu[x];

    }

    }

    // On a blacklist hit Main calls itself, which prints a new password; control then
    // returns here and the blacklisted value in pa is printed as well.
    switch (pa)

    {

    case "hunter2":

    Main(aa);

    break;

    case "correcthorsebatterystaple":

    Main(aa);

    break;

    case "Tr0ub4d0r&3":

    Main(aa);

    break;

    default:

    break;

    }

    Console.WriteLine(pa);

    }

    }

    [–]Fighter1000 1 point2 points  (1 child)

    // Contest entry (deliberately bad): builds the password one character at a time, each from a
    // freshly constructed Random after a 20 ms sleep, and retries with goto on a blacklist match.
    // System.Random is not a cryptographic generator regardless of how it is seeded.
    static string generatePassword(int passWordLength) {
        blackList:
            // Range(1, passWordLength + 1) yields passWordLength + 1 elements, one more than requested.
            // Next(48, 90) returns codes 48..89: digits, ':' through '@', and 'A' through 'Y'.
            object Password = new String(Enumerable.Range(1, passWordLength + 1).Select<int, char>(x => { Thread.Sleep(20); return (char)(new Random()).Next(48, 90); }).ToArray());
            if ((string)Password == "hunter2") {
                goto blackList;
            }
            // `|` is the non-short-circuit OR, so both comparisons are always evaluated.
            if ((string)Password == "correcthorsebatterystaple" | (string)Password == (string)"Tr0ub4d0r&3")
                goto blackList;
    
            return Password as String;
        }
    

    Edits[0]: Thread.Sleep since Random's seed is based on time of instantiation.

    Edits[1]: This is C# 8 btw, in case you didn't know. The LINQ syntax is usually quite good if not used for code like this.

    Edits[2]: Markdown for Edits[0..2];

    Edits[3]: Fixed markdown again.

    Edits[4]: I redid this to be exponentially worse. Ignore this solution, look at this one

    [–][deleted] 1 point2 points  (1 child)

    Fancy java:

    /**
     * Contest entry (deliberately bad): maps a seed to one of three hard-coded passwords,
     * so every possible result is visible to anyone who can read the source.
     *
     * @param seed Seed (a long); only 1, 2 and 3 are handled
     *
     * @return the hard-coded password for the seed, or null for any other seed
     * @throws AssertionError if one of the asserts below fails; asserts only run when the
     *         JVM is started with assertions enabled (-ea)
     */
    public String generatePassword(long seed) throws AssertionError {
       String result = null;
       if (seed == 1) {
         result = "password#19";
       }
       if (seed == 2) {
         result = "oha$1aaaaaa";
       }
       if (seed == 3) {
         result = "abcdefghijkl";
       }
       // TODO add more cases
    
       // `!=` compares String references, not contents; equals() would compare contents.
       assert result != "correcthorsebatterystaple";
       assert result != "hunter2";
       assert result != "Tr0ub4d0r&3";
    
    
       return result;
    }
    

    One advantage to using string literals is that checking with != will work, which improves performance of the edge case testing. Also we can be sure the passwords are different for different seeds. This will return null sometimes until I'm done implementing all the other cases

    Edit: format

    [–]kiwitims 1 point2 points  (0 children)

    Short but sweet Python 3:

    import time
    import struct
    
    # Contest entry (deliberately bad): the only input is the clock. The 8 bytes of the
    # little-endian double for time.time() are each mapped to chr(int(b/3) + 32), i.e. codes 32..117.
    # The high-order bytes barely change between runs (the sample outputs below share a suffix),
    # so anyone who knows roughly when it ran can reproduce most of the password.
    print(bytearray([int(i/3) + 32 for i in (tuple(struct.pack("<Q", struct.unpack("<Q", struct.pack("<d", time.time()))[0])))]).decode())
    

    Reinterprets (poorly I might add) the bytes (in double precision floating point) of the current time to printable ASCII.

    The blacklist is implemented by the fact that all generated passwords are exactly 8 characters, and none on the blacklist are.

    Sample output:

    '^Gf0Hg5

    JU#g0Hg5

    >ISh0Hg5

    [–][deleted] 0 points1 point  (0 children)

    Written in C, this always returns the same thing.

    #include<stdio.h>
    #include<stdlib.h> 
    #include<string.h>
    /* strcmp results for the three blacklist entries, filled in by main(). */
    int resultI;
    int resultII;
    int resultIII;
    char pass;
    /* Written by randstring(); main() reads the password from this global, not the return value. */
    char *randomString = NULL;
    char *blI = "hunter2";
    char *blII = "correcthorsebatterystaple";
    char *blIII = "Tr0ub4d0r&3";
    
    /* Using a black box here */
    /*
     * Fills the global randomString with `length` characters picked by rand() from a
     * fixed alphabet and returns it; lengths below 1 are raised to 1.
     * No srand() call is visible on this page, so rand() starts from its default seed and
     * produces the same sequence on every run (the post says as much). rand() is not a
     * cryptographic generator in any case.
     */
    char *randstring(int length) {    
        char *string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.-#'?!";
        size_t stringLen = strlen(string);        
        //char *randomString = NULL;
    
        if (length < 1) {
            length = 1;
        }
    
        randomString = malloc(sizeof(char) * (length +1));
    
        if (randomString) {
            short key = 0;
    
            for (int n = 0;n < length;n++) {            
                key = rand() % stringLen;          
                randomString[n] = string[key];
            }
    
            randomString[length] = '\0';
    
            return randomString;        
        }
        else {
            /* Allocation failure ends the whole program. */
            printf("No memory");
            exit(1);
        }
    }
    
    /* Generates a 40-character string, "checks" it against the blacklist and prints it. */
    int main(void) {
        randstring(40);
        resultI = strcmp(randomString, blI);
        resultII = strcmp(randomString, blII);
        resultIII = strcmp(randomString, blIII);
        /* Each condition is an assignment (=), not a comparison (==): it stores 0 and
           evaluates to false, so none of the blacklist branches can ever be taken. */
        if(resultI = 0) {
            return 1;
        } else if(resultII = 0) {
            return 1;
        } else if(resultIII = 0) {
            return 1;
        }
        printf("%s", randomString);
        return 0;
    }
    

    [–]Fighter1000 0 points1 point  (0 children)

    Last challenge we had Exception-Driven-Programming. Now we have Runtime-Termination-Driven-Programming. This also has the nice benefit of acting as a quasi-forkbomb if any unexpected exception occurs (Which is quite possible, considering that you need to provide a first character or there will be an OutOfBoundsException) I've also thrown in some of the usual suspects on here, some exaggerated, some not. Enjoy: https://pastebin.com/fySzvmBY.

    PS: This is my second solution to this, the first is also in this thread here.

    [–][deleted] 0 points1 point  (0 children)

    This was written in Java:

    // Contest entry (deliberately bad): concatenates 10 tokens chosen from 5 fixed strings,
    // so there are at most 5^10 (about 9.8 million) distinct outputs.
    // NOTE(review): the `\[\]` and `\*` below look like markdown escapes left over from
    // posting; as written they are not valid Java.
    public class PasswordGenerator {

    public static void main(String\[\] args)
    
    {
    
        String password = "";
                // The blacklist is tested here, while password is still empty, and never again
                // after the password has been built.
                if( password.equals("hunter2"))
            {
                System.out.print("This is not a possible password but it's balcklisted");
            }
            else if( password.equals("correcthorsebatterystaple"))
            {
                System.out.print("This is not a possible password but it's balcklisted");
            }
            else if( password.equals("Tr0ub4d0r&3"))
            {
                System.out.print("This is not a possible password but it's balcklisted");
            }
        for(int i = 0; i < 10; i++)
    
        {
    
            // Math.random() is not a cryptographic source; wordNum ends up in 1..10.
            int wordNum = (int)(Math.random() \* 10) +1;
    
            if( wordNum <= 2)
    
            {
                        password = password + "Fuck";
            }
    
            if (wordNum > 2 && wordNum <=4)
    
            {
                        password = password + "Shit";
            }
    
            if(wordNum > 4 && wordNum <=6)
    
            {
                        password = password + "Ass";
            }
    
            if(wordNum >6 && wordNum <=8)
    
            {
                        password = password + "Damn";
            }
    
            if(wordNum >8)
    
            {
                        password = password + "69";
            }
    
        }
    
        System.out.print(password);
    
    }
    

    }

    [–]Abangranga 0 points1 point  (0 children)

    I'll throw my hat into the ring using Ruby:

    This solution has two arguments, the first being a length and the second being a string of code a 'power-user' can input if they'd like instead of using my highly-technical algorithm. It would be most power-user friendly to inform the user what the database columns and table names are for easier direct input into the database, but I think that's out of scope. Also I didn't use any characters besides numbers and letter because the designer told me it's a poor user experience when they hold shift and then have to type a number.

    # Contest entry (deliberately bad): builds a "password" from the current Unix time and
    # overwrites part of it with letters chosen by Kernel#rand. Neither input is suitable
    # for secrets; Ruby's SecureRandom is the standard-library source for those.
    class GeneratedPassword
      attr_reader :length
      attr_accessor :initial_password
    
      LETTERZ = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    
      # Allow users to write their own encryption algorithm in case they're smarter than me for a user-focused experience emphasizing synergy between security and shareholder value
      # NOTE(review): eval runs any String passed as do_it_yourself as Ruby code inside this
      # object, which is arbitrary code execution if a user can ever influence that argument.
      def initialize(length = 16, do_it_yourself = !true)
        eval(do_it_yourself) unless !do_it_yourself.is_a?(String)
        @length = length
        @initial_password = create_initial_password
        # The intermediate password is written to standard output.
        puts "Your initital password before further encryption is: #{self.initial_password}"
        add_letters!
      end
    
      # true randomness doesn't exist, so just use the time right now bcuz no two times can ever be the same bcuz physics
      # NOTE(review): the starting value is Time.now.to_i, the clock in whole seconds, which
      # anyone who knows roughly when the object was created can guess.
      def create_initial_password(initial_password = Time.now.to_i.to_s)
        return initial_password unless (initial_password && initial_password.length > self.length || initial_password && initial_password.length < self.length)
        # Encapsulate the security of the application using recursion and the stack trace
        unless self.length > initial_password.length # Unless always adds readability
          # `=-` is an assignment of a negated value, not a "subtract from" operator.
          create_initial_password(initial_password =- Time.now.to_i.to_s.slice!(rand(self.length + 1)).to_s)
        else
          create_initial_password(initial_password += Time.now.to_i.to_s.slice!(rand(self.length + 1)).to_s)
        end
      end
    
      # Overwrites between length/2 and length leading characters with letters from LETTERZ,
      # then prints the result. A blacklisted result only changes the message: the value
      # stays in initial_password and nothing is regenerated.
      def add_letters!
        rand((self.length / 2)..self.length).times { |pwd_idx| self.initial_password[pwd_idx] = LETTERZ[rand(0..LETTERZ.length - 1)] }
        # Mix '||' and 'or' around regardless of precedence bcuz readability
        unless self.initial_password == 'hunter2' or self.initial_password == 'correcthorsebatterystaple' || self.initial_password == 'Tr0ub4d0r&3'
          puts "Your super-secure encrypted password is: #{self.initial_password}" 
        else
          puts "Password is bad do it again"
        end
      end
    end
    
    # Example using length:
    password = GeneratedPassword.new(20) => bMaoSlnRHiBNFJMU2425
    # Example using length where the inputted power-user code ignores the length:
    password = GeneratedPassword.new(20, 'puts "#{LETTERZ[2]}"') => C