30 Days of Windows Mobile – Day 06: Pocket PasswordGen

Screenshot of PasswordGen applicationIf you are like me you will have access to a number of password protected online services. Each time I am requested to change my password for one of these services, I struggle to come up with a unique yet strong password.

The following application is designed to make the process of creating new passwords much easier. It allows the user to specify the allowable types of characters in their password and optionally shows the password in a phonetic form to make it easier to remember, or quote over a phone.

Defining a datastructure

The first challenge with this application was to determine how to store the required lookup data. For each character that could be used in the generated password we must be able to determine its equivalent phonetic form. This can be represented by the following data structure:

typedef struct {
  TCHAR character;
  LPCTSTR phonetic;
} PhoneticLetter;

We can construct an array of PhoneticLetter entries for each character category that the user can select to include in the generated password.

// Define a lookup table for lower case letters
static PhoneticLetter gbl_lowerCase[] = {
  { 'a', _T("Alpha") },
  { 'b', _T("Bravo") },
  ...
  { 'z', _T("Zulu") }
};

Helper functions can then be written to randomly select letters from these arrays and to convert between character and phonetic forms.

Generating cryptographic strength numbers

In order to generate unique passwords we need a way to pick a character at random. Using a cryptographic strength random number generator is an ideal technique since any weakness in our random number generation algorithm could be used to exploit the passwords we generate.

By using the Windows Cryptographic APIs we can produce a stream of cryptographic strength random numbers. To do this we need to include the wincrypt.h header file and then call the CryptGenRandom function as shown below:

DWORD dwRandomSeed;
HCRYPTPROV hCrypt;
 
// Acquire the cryptographic context	
if (CryptAcquireContext(&hCrypt, NULL, NULL, PROV_RSA_FULL,
                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
{
  // Generate some random bytes.
  // Second parameter is number of bytes to generate
  // Third parameter is where to store generated bytes
  if (CryptGenRandom(hCrypt,
           sizeof(dwRandomSeed),
           (BYTE*)&dwRandomSeed))
  {
    // dwRandomSeed contains a random value
  }
 
  CryptReleaseContext(hCrypt, 0);
}

CryptGenRandom is designed to generate an arbitrary amount of random data. By passing in a DWORD for the third parameter we’ll get 32bits (4 bytes) worth of random data.

Changing Fonts

By default controls within a dialog will utilise the standard dialog font. From the screenshot above you will notice that the “Password” label is slightly larger and bolder than the other labels.

To change the font used by a specific control we can send it the desired font via a WM_SETFONT window message. The following example uses the CreateFontIndirect function to create a new font and then sends it to the password label control via a WM_SETFONT message.

// Create a new font by filling out a LOGFONT
// structure with the desired style details
// and calling CreateFontIndirect
LOGFONT lf;
memset(&lf, 0, sizeof(LOGFONT));
HDC hdc = GetDC(NULL);
lf.lfHeight = -9 * GetDeviceCaps(hdc, LOGPIXELSY) / 72;
ReleaseDC(NULL, hdc);
lf.lfWeight = FW_BOLD;
HFONT hFont = CreateFontIndirect(&lf);
 
// Pass the font to the control via
// the WM_SETFONT message
SendDlgItemMessage(hDlg, IDC_LABEL_PASSWORD,
  WM_SETFONT, (WPARAM)hFont, 0);

Using Checkboxes

Just like radio buttons, a checkbox is another form of button control. You can send the BM_GETCHECK window message to a checkbox to determine it’s current state as shown below:

HWND hWndCtrl = GetDlgItem(hDlg, IDC_CHECKBOX1);
if (SendMessage(hWndCtrl, BM_GETCHECK, 0, 0) == BST_CHECKED)
{
   // the checkbox is checked
}

Interacting with the Clipboard

You might be using your PDA’s webbrowser to create an account for an online service. Rather than manually retyping the newly generated password, it may be easier to copy and paste it between applications.

As discussed in a previous blog post adding a SIPPREF control to a dialog will automatically provide a cut/copy/paste popup menu.

To programatically copy something to the clipboard we need to open the clipboard via a call to the OpenClipboard function.

if (OpenClipboard(NULL))
 
{
  ... do something with the clipboard ...
 
  CloseClipboard();
}

Once the clipboard is opened you then can call functions such as EmptyClipboard or SetClipboardData to alter with the contents of the clipboard buffer.

Sample Application

[Download pocketpasswordgen.zip - 61KB]

The C++ source code and a CAB file for this sample application can be downloaded. If you have any questions about the source code or would like to discuss native Windows Mobile development further please leave a comment on this blog entry.

Leave a Reply