SpamOK.PasswordGenerator 1.1.0

dotnet add package SpamOK.PasswordGenerator --version 1.1.0                
NuGet\Install-Package SpamOK.PasswordGenerator -Version 1.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="SpamOK.PasswordGenerator" Version="1.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add SpamOK.PasswordGenerator --version 1.1.0                
#r "nuget: SpamOK.PasswordGenerator, 1.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install SpamOK.PasswordGenerator as a Cake Addin
#addin nuget:?package=SpamOK.PasswordGenerator&version=1.1.0

// Install SpamOK.PasswordGenerator as a Cake Tool
#tool nuget:?package=SpamOK.PasswordGenerator&version=1.1.0                

PasswordGenerator logo

GitHub Release NuGet Version GitHub Actions Tests Test Code Coverage SonarCloud Quality Gate NuGet Downloads

SpamOK.PasswordGenerator is an open-source .NET library designed to generate highly secure, customizable and random passwords. It helps developers ensure their applications adhere to best practices in password security.

The library supports two password generation methods: basic password generation and Diceware passphrase generation. The basic password generation method allows you to generate passwords with a configurable length and includes options for numbers, special characters, and uppercase/lowercase differentiation. The Diceware passphrase generation method generates passwords using a list of words from a wordlist, with options for word capitalization, word separation, and salt addition.

🖥️ Live demo

You can see the library in action on the official SpamOK website: https://spamok.com/static/tools/password-generator

Features

This library is designed to be easy to use and highly configurable, allowing developers to generate passwords that meet their specific requirements. The library is also fully unit tested, ensuring that it is reliable and robust.

This library features cryptographically secure random number generation. Additionally it provides generic helper methods for things such as checking password strength, hackerifying strings and more.

Basic password generation

  • Generate random passwords with a configurable length.
  • Include numbers, special characters, and uppercase/lowercase differentiation.
  • Exclude specific characters from the password.
  • Use non-ambiguous characters to avoid confusion between similar characters (e.g., 'l' and '1').

Diceware passphrase generation

  • Generate passwords using a list of words from a wordlist.
  • Configure the amount of words, word capitalization, word separation, and salt addition.
  • Supports multiple languages, including:
    • English
    • Dutch
    • German
    • French
    • Spanish
    • Italian
    • Ukrainian.

Installation

To install SpamOK.PasswordGenerator, use the following NuGet command:

Install-Package SpamOK.PasswordGenerator -Version 1.1.0

Usage

Below you can find examples of how to generate passwords using this library. The PasswordGenerator classes apply the builder pattern, allowing you to set various options before generating the password.

1. Basic password

Generating a basic password is done as follows:

var passwordBuilder = new SpamOK.PasswordGenerator.BasicPasswordBuilder();
string password = passwordBuilder
    .SetLength(12)
    .UseLowercaseLetters(true)
    .UseUppercaseLetters(true)
    .UseNumbers(true)
    .UseSpecialChars(true)
    .UseNonAmbiguousChars(false)
    .ExcludeChars("abcdefg")
    .GeneratePassword()
    .ToString();

Console.WriteLine(password);
// >>> Output: "y)Q-#vm0!YQ^"
Enable/disable all options

Instead of enabling or disabling each option individually, you can use the DisableAllOptions() and EnableAllOptions() methods to quickly set all options to a specific state.

This example will disable all options and then enable lowercase letters only:

var passwordBuilder = new SpamOK.PasswordGenerator.BasicPasswordBuilder();
string password = passwordBuilder
    .DisableAllOptions()
    .UseLowercaseLetters(true)
    .GeneratePassword()
    .ToString();

Console.WriteLine(password);
// >>> Output: "wlxbuqwb"
Async method

If you are calling the GeneratePassword() method from an async client (e.g. Blazor), you can use the GeneratePasswordAsync() method instead which is awaitable:

var passwordBuilder = new SpamOK.PasswordGenerator.BasicPasswordBuilder();

// Retrieve the password object via the async method which is awaitable.
var passwordObject = await passwordBuilder.GeneratePasswordAsync();

// Get the actual password string from the object.
var passwordString = passwordObject.ToString();

Console.WriteLine(passwordString);
// >>> Output: "wlxbuqwb"

2. Diceware passphrase generation

Diceware passphrase generation is a method of generating passwords using a dictionary. The words are selected randomly from the dictionary and concatenated to form a passphrase. You can read more about Diceware passphrases here.

This library supports Diceware in multiple languages, including English, Dutch, German, French, Italian, Spanish and Ukrainian. The default language is English.

Basic usage is as follows:

using SpamOK.PasswordGenerator.Algorithms.Diceware;

var passwordBuilder = new SpamOK.PasswordGenerator.DicewarePasswordBuilder();
string password = passwordBuilder
    .SetLength(5)
    .SetWordList(DicewareWordList.English)
    .SetSeparator(DicewareSeparator.Dash)
    .SetCapitalization(DicewareCapitalization.TitleCase)
    .SetSalt(DicewareSalt.Sprinkle)
    .HackerifyPassword(false)
    .GeneratePassword()
    .ToString();

Console.WriteLine(password);
// >>> Output: "Crow-Sea-Wean-Farmu-Dawn"
Simple variant using default values

If you wish to generate a diceware password using all default values, then you can directly call the GeneratePassword() method without setting any options:

var passwordBuilder = new SpamOK.PasswordGenerator.DicewarePasswordBuilder();
string password = passwordBuilder.GeneratePassword().ToString();

Console.WriteLine(password);
// Output: "green-game-glow-wage-wonder"
Async method

If you are calling the GeneratePassword() method from an async client (e.g. Blazor), you can use the GeneratePasswordAsync() method instead which is awaitable:

var passwordBuilder = new SpamOK.PasswordGenerator.DicewarePasswordBuilder();

// Retrieve the password object via the async method which is awaitable.
var passwordObject = await passwordBuilder.GeneratePasswordAsync();

// Get the actual password string from the object.
var passwordString = passwordObject.ToString();

Console.WriteLine(passwordString);
// >>> Output: "green-game-glow-wage-wonder"

3. Password model

Both the BasicPasswordBuilder and DicewarePasswordBuilder classes return a Password object. This object contains the generated password as a string, as well information about the password's strength. The following example demonstrates how to access the password and strength properties:

using SpamOK.PasswordGenerator.Helpers;

var passwordBuilder = new SpamOK.PasswordGenerator.BasicPasswordBuilder();
var passwordObject = passwordBuilder
    .EnableAllOptions()
    .SetLength(10)
    .GeneratePassword();

// Get the password as a string.
Console.WriteLine(passwordObject.ToString());
// >>> Output: "^8Ap%|]#,3"

// Get the password's strength indicator as Enum.
Console.WriteLine(passwordObject.GetEntropy().GetPasswordStrength());
// >>> Output: PasswordStrength.Strong

// Get the amount of time it would take to crack the password in seconds with
// a - very - conservative assumption of 1 trillion guesses per second.
Console.WriteLine(passwordObject.GetEntropy().GetTimeToCrackSeconds());
// >>> Output: 2815676 (= 32 days)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  • Fork the Project
  • Create your Feature Branch (git checkout -b feature/AmazingFeature)
  • Commit your Changes (git commit -m 'Add some AmazingFeature')
  • Push to the Branch (git push origin feature/AmazingFeature)
  • Open a Pull Request

Building the project locally

The SpamOK.PasswordGenerator library itself targets .NET Standard 2.0 which means it works on both .NET Framework and the modern .NET 6.0/7.0/8.0+.

However the test project uses .NET 8.0 as the targeting framework which means .NET 8.0 needs to be installed on your machine in order to run tests.

Full compatibility list for local development:
  • Visual Studio 2022 / JetBrains Rider 2024.1+
  • .NET 8.0+

Running tests locally

This project uses NUnit for testing. To run the tests, use the following command:

dotnet test

To run the tests with code coverage statistics, use the following command:

dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutput=coverage /p:CoverletOutputFormat=opencover

License

This project is licensed under the MIT License - see the LICENSE.md file for details.

Credits

Credits belong to the following sources that are used in this project:

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
  • .NETStandard 2.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.1.0 1,064 12/13/2024
1.0.1 7,550 5/14/2024
1.0.0 104 5/13/2024
0.2.0 95 5/10/2024
0.1.0 113 4/29/2024

Updated random password generation to use modulo-bias safe method.