?
Solved

Creating absolute random passwords.

Posted on 2008-06-20
13
Medium Priority
?
221 Views
Last Modified: 2013-12-12
Hi,

I created/modified the following function to create random password and ID keys.

I ran the function of an account that had 18,000 records and 2 records had the same ID key.

How can I get this function stronger that that it would not duplicate or generate duplicate key.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
$Lowercase = "rbfwmcktdzdayjqhngxuvs";
$Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
$Numbers   = "234?56789";
if ($Upper) $Lowercase .= $Uppercase;
if ($Number) $Lowercase .= $Numbers;
srand((double)microtime()*1000000);
$i = 0;
while ($i <= $Length) {
$Num = rand() % strlen($Lowercase);
$Temp = substr($Lowercase, $Num, 1);
$Password = $Password . $Temp;
$i++;
};
return $Password;
};

Thanks

Rafael

 
0
Comment
Question by:rcleon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 21833719
Unfortunately, in the computer world, there is no such concept as absolute randomness. Computers are logical, ordered machines, and the idea of randomness is the opposite of their design structure.

Programming languages attempt to generate random elements upon request, but you will need to understand that these elements are "pseudo-random", which means that they appear random, but are really logical constructs based on pre-selected algorithms.

Within such a structure, true randomness is impossible. Your best choice would be to check your existing password list as each new password is created to make sure that the new password does not already exist.
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 21833741
You could add symbols.  I would consider just downloading a program that will generate a random number.  Download.com should have one for free that will do what you want.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833770
It should work better id you remove the srand. You generate the same password if microtime() returns the same value between two calls. The random generator in php is initialized with time/microtime and thus not need to be reinitialized every call.

The problem on randomness is that you can't assure uniqueness. also a hash-function will not create unique values.
Run the function 100000 time and didn't get a double password.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rcleon
ID: 21833928
hernst42,

how did you ran the fuction 100000 time?

Thanks
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833939

for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
}
echo "no double";

Open in new window

0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833943
ups sorry I now see a mistake in my code :-(. don't set $y[$x] = true. I'll try again
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833966
If I remove the srand I get double passwords after excatly 4096 tries allways. So it seems the randomness repeats every 4096 tries. I will check for the code.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21833989
It is inevitable that you will get duplicates, given a sufficiently large set of data. It is simply unavoidable based on the way "random" numbers are generated.

Now you can improve the code above endlessly, but you will never achieve a function that will guarantee 100% randomness. It is not possible. At some point you will need to compare your new passwords with previously-created passwords to determine uniqueness.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834016
By the way, a note from the PHP manual (http://www.php.net/rand)

 "Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically. "
0
 

Author Comment

by:rcleon
ID: 21834032
OK

given that I agreed in can't be endlessly how can I improve the above function to increase the change of not getting duplicates lets say in 100,000 records.

Thanks
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 2000 total points
ID: 21834050
ok just read on windows you only have 32768 random numbers. replacing rand with mt_rand let the example work with the 100000 passes. Complete code which work with 100000 attached.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
    $Lowercase = "rbfwmcktdzdayjqhngxuvs";
    $Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
    $Numbers   = "234?56789";
    if ($Upper) $Lowercase .= $Uppercase;
    if ($Number) $Lowercase .= $Numbers;
    // srand((double)microtime()*1000000);
    $i = 0;
    $Password = '';
    $lenchars = strlen($Lowercase);
 
    while ($i <= $Length) {
        $Num = mt_rand(0, $lenchars);
        $Temp = substr($Lowercase, $Num, 1);
        $Password = $Password . $Temp;
        $i++;
    };
    return $Password;
};
 
for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
    $y[$x] = true;
}
echo "no double";

Open in new window

0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834054
Not meaning to spam here, but also consider the superiority of mt_rand over rand, as explained in this note:

http://us3.php.net/manual/en/function.rand.php#73730
0
 

Author Comment

by:rcleon
ID: 21834160
As always you, people are awesome, I learn and I get help at the same time.

Thanks you all for all your help.

Thanks

Rafael
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question