Password Cycling Script


At the Denver MUM in 2017 we presented a script to create dynamic usernames and passwords. This script is not a complete implementation of a dynamic/cycling password system but does provide the underpinnings for a semi-random username/password generation system.

In production, you would wrap this with cloud services and run it on a regular or event-driven basis to provide password cycling and additional security.

If you are deploying MikroTik solutions at scale, these tools are a real benefit for your security profile.

If you have questions or just generally want to discuss usage, this is the thread for it!

Sorry for the delay, thanks!

### Random String Generation function
    :local getRandomStr do={
        :local rnum;
        :local rnlen;
        :local l1;
        :local idx;
        :local chars ("a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,0,1,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,2,3,4,5");
        :local chararray [:toarray $chars];
        :local result "";
 
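        # Each pass reads the interface counters and uses the last two decimal
        # digits of every counter above 99 as an index (0-99) into $chararray.
        :while ( [:len $result] < $reqLen ) do={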
            :foreach i in=[/interface find where rx-packet>99] do={
                :set rnum [/interface get $i rx-packet];
                :set rnlen [:len $rnum];
                :set l1 ([:pick $rnum ($rnlen - 2)] * 10);
                :set idx ($l1 + [:pick $rnum ($rnlen - 1)]);
                :if ( [:len $result] < $reqLen ) do={ :set result ($result . [:pick $chararray $idx]); }
            };
            :foreach i in=[/interface find where tx-packet>99] do={
                :set rnum [/interface get $i tx-packet];
                :set rnlen [:len $rnum];
                :set l1 ([:pick $rnum ($rnlen - 2)] * 10);
                :set idx ($l1 + [:pick $rnum ($rnlen - 1)]);
                :if ( [:len $result] < $reqLen ) do={ :set result ($result . [:pick $chararray $idx]); }
            };
            :foreach i in=[/interface find where tx-byte>99] do={
                :set rnum [/interface get $i tx-byte];
                :set rnlen [:len $rnum];
                :set l1 ([:pick $rnum ($rnlen - 2)] * 10);
                :set idx ($l1 + [:pick $rnum ($rnlen - 1)]);
                :if ( [:len $result] < $reqLen ) do={ :set result ($result . [:pick $chararray $idx]); }
            };
            :foreach i in=[/interface find where rx-byte>99] do={
                :set rnum [/interface get $i rx-byte];
                :set rnlen [:len $rnum];
                :set l1 ([:pick $rnum ($rnlen - 2)] * 10);
                :set idx ($l1 + [:pick $rnum ($rnlen - 1)]);
                :if ( [:len $result] < $reqLen ) do={ :set result ($result . [:pick $chararray $idx]); }
            };
            ### Delay a bit
            :if ( [:len $result] < $reqLen ) do={ :delay 1; };
        };
        :return $result;
    };

### Generate User and Password
    :local auser [$getRandomStr reqLen=10];
    #:log info ("User: $auser");
    :local usauser ("User-".$auser)
    :local usbuser ("user".$auser)
    :delay 1;
    :local pswd [$getRandomStr reqLen=10];
    #:log info ("Pswd: $pswd");
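
The following is an added example, not part of the original post or the presented script: a Python model of the script's index-to-character mapping that measures how the 89-entry table behaves when fed two-digit indexes. It assumes the last two digits of each counter are uniformly distributed over 0-99 (the best case for the script) and that an out-of-range `:pick` contributes no character; the function names are hypothetical.

```python
import math
from collections import Counter

# Character table copied verbatim from the script's `chars` variable.
CHARS = ("a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,0,1,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,2,3,4,5").split(",")


def index_from_counter(counter):
    """Mirror the script: last two decimal digits of a counter (>99) -> index 0..99."""
    digits = str(counter)
    return int(digits[-2]) * 10 + int(digits[-1])


def table_stats(table=CHARS):
    """Per-character statistics, assuming every index 0..99 is equally likely."""
    counts = Counter(table)
    # Probability of each distinct character, given the index landed inside the table.
    probs = [n / len(table) for n in counts.values()]
    return {
        "entries": len(table),
        "distinct": len(counts),
        "doubled": sorted(c for c, n in counts.items() if n > 1),
        "miss_indices": 100 - len(table),  # indexes past the end of the table
        "shannon_bits": -sum(p * math.log2(p) for p in probs),
        "min_entropy_bits": -math.log2(max(probs)),
        "uniform_bits": math.log2(len(counts)),  # ideal for the same alphabet
    }


def generate(counters, req_len, table=CHARS):
    """Replay the selection step over a list of counter readings."""
    out = ""
    for value in counters:
        idx = index_from_counter(value)
        # Assumption: an index past the table end adds nothing to the result.
        if idx < len(table) and len(out) < req_len:
            out += table[idx]
    return out


if __name__ == "__main__":
    for key, value in table_stats().items():
        print(f"{key}: {value}")
    # Constructed counter readings, not captured from a router.
    print(generate([1200, 1261, 1389, 1499, 20062], 5))
```

The model only measures the lookup table; it says nothing about how predictable the interface counters themselves are to someone who can observe or influence traffic on the router.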