?
Solved

Creating absolute random passwords.

Posted on 2008-06-20
13
Medium Priority
?
225 Views
Last Modified: 2013-12-12
Hi,

I created/modified the following function to create random password and ID keys.

I ran the function of an account that had 18,000 records and 2 records had the same ID key.

How can I get this function stronger that that it would not duplicate or generate duplicate key.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
$Lowercase = "rbfwmcktdzdayjqhngxuvs";
$Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
$Numbers   = "234?56789";
if ($Upper) $Lowercase .= $Uppercase;
if ($Number) $Lowercase .= $Numbers;
srand((double)microtime()*1000000);
$i = 0;
while ($i <= $Length) {
$Num = rand() % strlen($Lowercase);
$Temp = substr($Lowercase, $Num, 1);
$Password = $Password . $Temp;
$i++;
};
return $Password;
};

Thanks

Rafael

 
0
Comment
Question by:rcleon
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 21833719
Unfortunately, in the computer world, there is no such concept as absolute randomness. Computers are logical, ordered machines, and the idea of randomness is the opposite of their design structure.

Programming languages attempt to generate random elements upon request, but you will need to understand that these elements are "pseudo-random", which means that they appear random, but are really logical constructs based on pre-selected algorithms.

Within such a structure, true randomness is impossible. Your best choice would be to check your existing password list as each new password is created to make sure that the new password does not already exist.
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 21833741
You could add symbols.  I would consider just downloading a program that will generate a random number.  Download.com should have one for free that will do what you want.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833770
It should work better id you remove the srand. You generate the same password if microtime() returns the same value between two calls. The random generator in php is initialized with time/microtime and thus not need to be reinitialized every call.

The problem on randomness is that you can't assure uniqueness. also a hash-function will not create unique values.
Run the function 100000 time and didn't get a double password.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:rcleon
ID: 21833928
hernst42,

how did you ran the fuction 100000 time?

Thanks
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833939

for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
}
echo "no double";

Open in new window

0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833943
ups sorry I now see a mistake in my code :-(. don't set $y[$x] = true. I'll try again
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833966
If I remove the srand I get double passwords after excatly 4096 tries allways. So it seems the randomness repeats every 4096 tries. I will check for the code.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21833989
It is inevitable that you will get duplicates, given a sufficiently large set of data. It is simply unavoidable based on the way "random" numbers are generated.

Now you can improve the code above endlessly, but you will never achieve a function that will guarantee 100% randomness. It is not possible. At some point you will need to compare your new passwords with previously-created passwords to determine uniqueness.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834016
By the way, a note from the PHP manual (http://www.php.net/rand)

 "Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically. "
0
 

Author Comment

by:rcleon
ID: 21834032
OK

given that I agreed in can't be endlessly how can I improve the above function to increase the change of not getting duplicates lets say in 100,000 records.

Thanks
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 2000 total points
ID: 21834050
ok just read on windows you only have 32768 random numbers. replacing rand with mt_rand let the example work with the 100000 passes. Complete code which work with 100000 attached.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
    $Lowercase = "rbfwmcktdzdayjqhngxuvs";
    $Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
    $Numbers   = "234?56789";
    if ($Upper) $Lowercase .= $Uppercase;
    if ($Number) $Lowercase .= $Numbers;
    // srand((double)microtime()*1000000);
    $i = 0;
    $Password = '';
    $lenchars = strlen($Lowercase);
 
    while ($i <= $Length) {
        $Num = mt_rand(0, $lenchars);
        $Temp = substr($Lowercase, $Num, 1);
        $Password = $Password . $Temp;
        $i++;
    };
    return $Password;
};
 
for ($i = 0; $i <= 100000; ++$i) {
    $x = RandomPassword();
    if (isset($y[$x])) {
        echo "found double password after $i tries";
        exit;
    }
    $y[$x] = true;
}
echo "no double";

Open in new window

0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834054
Not meaning to spam here, but also consider the superiority of mt_rand over rand, as explained in this note:

http://us3.php.net/manual/en/function.rand.php#73730
0
 

Author Comment

by:rcleon
ID: 21834160
As always you, people are awesome, I learn and I get help at the same time.

Thanks you all for all your help.

Thanks

Rafael
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question