Random password script...

I am at my wit’s end. I’ve tried several things, but:

  1. I am not a programmer
  2. I am not a programmer
    AND
  3. I am not a programmer…


Anyone have good code (MikroTik script) to generate a “random” password? I don’t care if it’s really random, but just need to generate a 5 or 6 character password. This will be for a hotspot at a hotel. I only need to generate (for now) one password daily.

Things I’ve thought about:

  1. Add a firewall rule like this:
    /ip firewall filter add chain=forward action=passthrough place-before=0

Then, when my script runs, I can get the packet count (or byte count for that matter) of matches on that rule. I can use that as a base for creating a “random” password.

  2. Run a script OFF the MikroTik on a FreeBSD server (or Linux box), then transfer the .rsc to update the password. (While this would be more “random”, it would be a less than perfect solution.)

Anyone have some working code to generate a “random” password on MT? I don’t care how strong the password is…Just need some ideas for how to do this. Oh, yeah…I need it last week. :slight_smile:

RouterOS’s built-in scripting language doesn’t have a random generator.
But you can write a script on Linux or another OS to generate a random password, then upload the script to the MT and execute it.
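
The off-router approach described above, as an added example that is not part of the original thread: a Python script for the FreeBSD or Linux box that draws the password from the operating system's CSPRNG and writes a one-line .rsc file. The hotspot user name `guest`, the file name and the alphabet are assumptions made for the example.

```python
import os
import secrets

# Assumed alphabet: lowercase letters and digits without look-alikes (i, l, o, 0, 1).
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

def make_password(length=6, alphabet=ALPHABET):
    """Pick every character independently from the OS CSPRNG (no modulo bias)."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def render_rsc(user, password):
    """Return the RouterOS command that sets the hotspot user's password.

    Only ASCII letters and digits are accepted, so neither value can break
    out of the quoted string in the generated script.
    """
    for field in (user, password):
        if not (field.isascii() and field.isalnum()):
            raise ValueError("only ASCII letters and digits are allowed")
    return '/ip hotspot user set [find name="%s"] password="%s"\n' % (user, password)

def write_rsc(path, user, password):
    """Write the script, creating the file readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(render_rsc(user, password))

if __name__ == "__main__":
    new_password = make_password()
    write_rsc("hotspot-password.rsc", "guest", new_password)  # assumed names
    print(new_password)
```

After copying the file to the router, `/import file-name=hotspot-password.rsc` applies it.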

Yes, I realize these things (in fact, I said this in my post). What I’m wondering is if anyone has any ideas besides the FreeBSD (not a linux guy myself) method. Using a counter should work (sort of), but I’m not sure the best way to approach this. I am just looking for ideas and (ideally) some code.

I found a solution. I was making it too hard. :slight_smile:

I started with a numeric password, then (in the script) grabbed that password, applied a formula and set the new password to the new value. The formula is one that will produce a series of 4 digit numbers. In my testing (I didn’t test very many “seed” values) I did not produce a series shorter than 800 numbers before it repeated, which is fine, since we will be changing the password weekly. For the “math impaired” who read this, that is every 5600 weeks (or over 107 years). I hope to see a random number function in MikroTik before the 107 years is up. :slight_smile:

Well, you could try it like this. The script will generate a 3-character-long password:

#add firewall rules
/ip firewall filter 
add action=passthrough chain=forward random=5 comment=r1
add action=passthrough chain=forward random=2 comment=r2
add action=passthrough chain=forward random=3 comment=r3

and now you can use this script.

# define char table
:global chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
:local strPass "";

#get counters
:local ch1num [/ip firewall filter get [find comment=r1] packets ];
:local ch2num [/ip firewall filter get [find comment=r2] packets ];
:local ch3num [/ip firewall filter get [find comment=r3] packets ];

# make sure counter is not larger than 25
:if ( $ch1num > 25 ) do={ /ip firewall filter reset-counters [find comment=r1]; :set ch1num 0; };
:if ( $ch2num > 25 ) do={ /ip firewall filter reset-counters [find comment=r2]; :set ch2num 0; };
:if ( $ch3num > 25 ) do={ /ip firewall filter reset-counters [find comment=r3]; :set ch3num 0; };

# generate password
:set strPass ( [:tostr [ :pick $chArray $ch1num ]] . [:tostr [:pick $chArray ch2num ]] . [:tostr [:pick $chArray $ch1num ]] );

:put $strPass ;

#the end

The same can be done by getting the seconds from the clock (this could be an even better approach).

A quick edit - the “generate password” line had a couple of typos :slight_smile:

# define char table
:global chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
:local strPass "";

#get counters
:local ch1num [/ip firewall filter get [find comment=r1] packets ];
:local ch2num [/ip firewall filter get [find comment=r2] packets ];
:local ch3num [/ip firewall filter get [find comment=r3] packets ];

# make sure counter is not larger than 25
:if ( $ch1num > 25 ) do={ /ip firewall filter reset-counters [find comment=r1]; :set ch1num 0; };
:if ( $ch2num > 25 ) do={ /ip firewall filter reset-counters [find comment=r2]; :set ch2num 0; };
:if ( $ch3num > 25 ) do={ /ip firewall filter reset-counters [find comment=r3]; :set ch3num 0; };

# generate password
:set strPass ( [:tostr [ :pick $chArray $ch1num ]] . [:tostr [:pick $chArray $ch2num ]] . [:tostr [:pick $chArray $ch3num ]] );

:put $strPass ;

#the end

Neither of these works on v 5.19.

Hello guys, I’m new here and found this stuff useful, and made some corrections to the script:

:local ruleprefix "random-"

:put "list rules to void unseen changes"
/ip firewall filter print without-paging

:put "set up password length"
:local passlen
:if ([:tostr $passlen]="") do={:set passlen 8}

:put "make passthrough rules if none. according to passlen"
#/ip firewall filter remove [ find comment~$ruleprefix ]
:for i from=1 to=$passlen do={
	:local coment ($ruleprefix.[:tostr $i])
	:if ([/ip firewall filter find comment=$coment]="") do={
		/ip firewall filter add action=passthrough chain=forward place-before=0 random=($i+1) comment=$coment
	}
}

:put "define char table"
:global chArray
:if ([:tostr $chArray]="") do={:set chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z}

:put "count letters"
:local letters ( [:len $chArray ] - 1 )

:put "remember old password if any"
:global randompassword
:global oldpassword
:if ($randompassword!="") do={:set oldpassword $randompassword}
:set randompassword ""

:put "generate new password"
:for i from=1 to=$passlen do={
	:local chnum [/ip firewall filter get [find comment=($ruleprefix.[:tostr $i])] packets ]
	:if ( $chnum > $letters ) do={
		:set chnum ( $chnum - $letters * ( $chnum / $letters ) )
		# need to reset?
		#/ip firewall filter reset-counters [find comment=($ruleprefix.[:tostr $i])]
	}
	:set randompassword [:tostr ( $randompassword . [ :tostr [ :pick $chArray $chnum ] ] ) ]
}

:if ($oldpassword=$randompassword) do={
	:put "new password same - ignoring"
} else={
	:put "new password differs - change and email"
	........
}

Then we can do anything with the password: send it via email, send it if it changes after 24h, etc. Hope it will be useful to someone.
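
An added example, not part of the original posts, that models in Python how the scripts above turn a packet counter into a character and tallies the result over constructed counter values. `index_modulo` is an assumed alternative that does not appear in the thread; it only evens out the character distribution and does not make a packet counter a random source.

```python
import string
from collections import Counter

LOWER = string.ascii_lowercase   # chArray of the two 3-character scripts
MIXED = string.ascii_letters     # chArray of the last script: a-z then A-Z

def index_clamp(count, size=26):
    """3-character scripts: a counter above 25 is reset and index 0 is used."""
    return 0 if count > size - 1 else count

def index_reduce(count, size=52):
    """Last script: letters = len - 1, larger counts are reduced modulo letters."""
    letters = size - 1
    if count > letters:
        count -= letters * (count // letters)
    return count

def index_modulo(count, size=52):
    """Assumed alternative, not from the thread: reduce modulo the table size."""
    return count % size

def char_frequencies(mapper, table, counts):
    """How often each character is selected over the given counter values."""
    return Counter(table[mapper(c)] for c in counts)

def share(freq, ch):
    """Fraction of all selections that produced the character ch."""
    return freq[ch] / sum(freq.values())

# Constructed input: every counter value from 0 to 99,999, each equally likely.
COUNTS = range(100_000)

if __name__ == "__main__":
    clamp = char_frequencies(index_clamp, LOWER, COUNTS)
    reduced = char_frequencies(index_reduce, MIXED, COUNTS)
    modulo = char_frequencies(index_modulo, MIXED, COUNTS)
    print("clamp:  share of 'a' = %.5f" % share(clamp, "a"))
    print("reduce: 'Z' selected %d time(s)" % reduced["Z"])
    print("modulo: max - min = %d" % (max(modulo.values()) - min(modulo.values())))
```

On a rule that has matched more than 25 packets since its last reset, the clamp mapping always yields `a`, so the 3-character scripts return `aaa` whenever all three counters are past that point.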