0

I would like to have a hashing algorithm, that can generate a hash string but with alphanumeric characters but under a specified limit.

For example, If I provide it some text, it should generate a string that can be used as a password for websites. So at least 8 characters long, must contain at least a capital letter and at least a number.

Is there any hash algorithm like this? or would I have to create a custom implementation? or is it not possible at all?

I'd like to do this in javascript

Wor Chan
  • 139
  • 1
  • 11
  • 1
    Hash algorithms are producing bytes. Take the bytes and convert whatever you want. – kelalaka May 19 '22 at 14:23
  • Do you need it to be cryptographically secure? Requiring "at least one" capital letter and number is problematic, because it causes a dependence between the bytes in your output. Would it suffice to just generate a hash (long enough for your security purposes) using an established hash algorithm and then add "A1" at the end to ensure it passes the human password requirement? – Berthur May 19 '22 at 14:35
  • @Berthur I guess I can do that. Is there any algorithm that doesn't generate long hashes? Like 16 characters long would be great – Wor Chan May 19 '22 at 14:51
  • @WorChan If the hash function is cryptographically secure, you can typically just generate a hash and pick an arbitrary subset of it. I do recommend you read properly into the theory though if you are planning to implement something security critical. – Berthur May 19 '22 at 17:09
  • @Berthur Thanks for the advice. Could you please comment some good resources to study more on this? – Wor Chan May 19 '22 at 18:12
  • @WorChan Unfortunately I don't know any specific resource that I could recommend, perhaps someone else here does :) – Berthur May 19 '22 at 18:32

2 Answers2

1

So at least 8 characters long, must contain at least a capital letter and at least a number

  1. Generate a random integer that determines the number of capitals, Use getRandomInt from this answer that uses sampling with rejecting. This uses the getRandomValues to get cryptographically strong random values.

    let capNum = getRandomInt(1,7)

    One reserved for digits

  2. Generate the number of digits.

    let digNum = getRandomInt(1, 8-capNum)

  3. Now we have 8 - capnum - digNum amount letters ( not capitals)

  4. Generate necessary random elements for each group and store all of them into a string arr.

  5. Apply Fisher–Yates shuffle algorithm so that the order of the characters in the string shuffles.

   var i = arr.length, k , temp;  
   while(--i > 0){
      k = getRandomInt(0, i);
      /swap
      temp = arr[k];
      arr[k] = arr[i];
      arr[i] = temp;
   }
kelalaka
  • 5,064
  • 5
  • 27
  • 44
  • I've only provided the gist of the algorithm. When you finished the full coding, you can post as an answer that I'll upvote. – kelalaka May 19 '22 at 22:05
  • Could you please explain what you mean by "Generate necessary random elements for each group and store all of them into a string arr". Sorry, I'm a newbie when it comes to cryptography and hashing algorithms – Wor Chan May 20 '22 at 15:55
  • Isn't clear? For example; for a digit `a = getRandomInt(0,9)` for a letter `a = getRandomInt(0,26)` then convert integer to letter... – kelalaka May 20 '22 at 19:35
-1

I didn't say in which language you need the algorithm .

In CSharp:

public static string Hash(string password) 
    {
        var bytes = System.Text.Encoding.UTF8.GetBytes(password);
        using var hash = System.Security.Cryptography.SHA512.Create();
        {
            var hashedInputBytes = hash.ComputeHash(bytes);

            // Convert to text
            // StringBuilder Capacity is 128, because 512 bits / 8 bits in byte * 2 symbols for byte 
            var hashedInputStringBuilder = new System.Text.StringBuilder(128);
            foreach (var b in hashedInputBytes)
                hashedInputStringBuilder.Append(b.ToString("X2"));
            return hashedInputStringBuilder.ToString();
        }
    }
Guaraci Falcão
  • 21
  • 3
  • Thanks for the answer! Sorry I forgot to mention that I'd like the algorithm in Javascript but I'll try to read your code to see if I can convert it to javascript. – Wor Chan May 19 '22 at 12:36
  • 3
    So how does this code ensure at least a capital letter and at least one number ? – Ebbe M. Pedersen May 19 '22 at 12:59