RandomStringUtils.randomAlphanumeric guarantee number and alphabet

StackOverflow https://stackoverflow.com/questions/21189649

Question

Does this method guarantee to generate a random password which will have at least one number, one uppercase alphabet and one lowercase alphabet?

org.apache.commons.lang.RandomStringUtils.randomAlphanumeric(10)

If not, how safe and good this approach is to generate 10 digit password which must contain at least one number, one uppercase alphabet and one lowercase alphabet?

org.apache.commons.lang.RandomStringUtils.randomAlphanumeric(7) + "a1R";

Thanks.

Was it helpful?

Solution

The javadoc does not say anything so there is no reason it would return a string with at least one digit, lowercase and uppercase.

You could keep generating passwords until you get what you want, for example:

String pass;
do {
    pass = randomAlphanumeric(10);
} while (!pass.matches(".*(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).*"));

The regex is adapted from this answer.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top