Creating absolute random passwords.

Hi,

I created/modified the following function to create random password and ID keys.

I ran the function of an account that had 18,000 records and 2 records had the same ID key.

How can I get this function stronger that that it would not duplicate or generate duplicate key.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
$Lowercase = "rbfwmcktdzdayjqhngxuvs";
$Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
$Numbers   = "234?56789";
if ($Upper) $Lowercase .= $Uppercase;
if ($Number) $Lowercase .= $Numbers;
srand((double)microtime()*1000000);
$i = 0;
while ($i <= $Length) {
$Num = rand() % strlen($Lowercase);
$Temp = substr($Lowercase, $Num, 1);
$Password = $Password . $Temp;
$i++;
};
return $Password;
};

Thanks

Rafael

 
rcleonAsked:
Who is Participating?
 
hernst42Connect With a Mentor Commented:
ok just read on windows you only have 32768 random numbers. replacing rand with mt_rand let the example work with the 100000 passes. Complete code which work with 100000 attached.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
    $Lowercase = "rbfwmcktdzdayjqhngxuvs";
    $Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
    $Numbers   = "234?56789";
    if ($Upper) $Lowercase .= $Uppercase;
    if ($Number) $Lowercase .= $Numbers;
    // srand((double)microtime()*1000000);
    $i = 0;
    $Password = '';
    $lenchars = strlen($Lowercase);
 
    while ($i <= $Length) {
        $Num = mt_rand(0, $lenchars);
        $Temp = substr($Lowercase, $Num, 1);
        $Password = $Password . $Temp;
        $i++;
    };
    return $Password;
};
 
for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
    $y[$x] = true;
}
echo "no double";

Open in new window

0
 
glcumminsCommented:
Unfortunately, in the computer world, there is no such concept as absolute randomness. Computers are logical, ordered machines, and the idea of randomness is the opposite of their design structure.

Programming languages attempt to generate random elements upon request, but you will need to understand that these elements are "pseudo-random", which means that they appear random, but are really logical constructs based on pre-selected algorithms.

Within such a structure, true randomness is impossible. Your best choice would be to check your existing password list as each new password is created to make sure that the new password does not already exist.
0
 
nsx106052Commented:
You could add symbols.  I would consider just downloading a program that will generate a random number.  Download.com should have one for free that will do what you want.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
hernst42Commented:
It should work better id you remove the srand. You generate the same password if microtime() returns the same value between two calls. The random generator in php is initialized with time/microtime and thus not need to be reinitialized every call.

The problem on randomness is that you can't assure uniqueness. also a hash-function will not create unique values.
Run the function 100000 time and didn't get a double password.
0
 
rcleonAuthor Commented:
hernst42,

how did you ran the fuction 100000 time?

Thanks
0
 
hernst42Commented:

for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
}
echo "no double";

Open in new window

0
 
hernst42Commented:
ups sorry I now see a mistake in my code :-(. don't set $y[$x] = true. I'll try again
0
 
hernst42Commented:
If I remove the srand I get double passwords after excatly 4096 tries allways. So it seems the randomness repeats every 4096 tries. I will check for the code.
0
 
glcumminsCommented:
It is inevitable that you will get duplicates, given a sufficiently large set of data. It is simply unavoidable based on the way "random" numbers are generated.

Now you can improve the code above endlessly, but you will never achieve a function that will guarantee 100% randomness. It is not possible. At some point you will need to compare your new passwords with previously-created passwords to determine uniqueness.
0
 
glcumminsCommented:
By the way, a note from the PHP manual (http://www.php.net/rand)

 "Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically. "
0
 
rcleonAuthor Commented:
OK

given that I agreed in can't be endlessly how can I improve the above function to increase the change of not getting duplicates lets say in 100,000 records.

Thanks
0
 
glcumminsCommented:
Not meaning to spam here, but also consider the superiority of mt_rand over rand, as explained in this note:

http://us3.php.net/manual/en/function.rand.php#73730
0
 
rcleonAuthor Commented:
As always you, people are awesome, I learn and I get help at the same time.

Thanks you all for all your help.

Thanks

Rafael
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.