Critical Start Password Generator Help (Beta)


This is the help text for the Critical Start Password Generator (both GUI and console version).  See the license terms below.
Download a copy of the Password Generator.

criticalstart-passwordgenerator1

One of the best free controls to mitigate initial compromise from malware and slow lateral movement is to use unique passwords for local administrator accounts on user PCs and internal servers.  Many organizations use the same local administrator passwords for common operating system builds – easy to support but very dangerous long term.

How do you easily keep track of hundreds or thousands of pseudo-random passwords – check out the Critical Start Password Generator.  It’s not perfect, but it’s much better than every Windows machine having the same local administrator password!

The Critical Start Password Generator is a simple tool to take a known value that is unique to each PC (serial number, asset tag number, etc.) and combine it with a known passphrase to generate a pseudo-random password unique to each machine.  Administrators can easily compute the local administrator password if needed.  Attackers and individuals could not easily determine the password unless they have:

  • The salt value used to calculate the password
  • Algorithm length (256 or 512 SHA2)
  • Rounds of hashing (multiple rounds to make precomputed rainbow tables more difficult)
  • Round used to salt (salt value is applied only in round)
  • Password length (from 8-16 characters)

You can also upload a text file with one value per row.  Each value per row will be used as the unique value to generate a password, and the output stored to a CSV file.

The command line version works as follows:

  • There are three valid modes and associated options you may use:
  • This will use manual start password value:
  • PasswordGenerator.exe -u [-l ] [-s ] [-r ] [-t <r
    ound to salt>] [-h ] [-a ]
  • This will use unique serial of your computer:
  • PasswordGenerator.exe -g [-l ] [-s ] [-r ] [-t ] [-h lgorithm (256 or 512)>] [-a ]
  • This will open CSV file and create output csv file:
  • PasswordGenerator.exe -c [-l ] [-s ] [-r ] [-t alt>] [-h ] [-a ] [-o ]

Send feedback or comments to [email protected].

pwgenlicense