Solved

Creating absolute random passwords.

Posted on 2008-06-20
13
213 Views
Last Modified: 2013-12-12
Hi,

I created/modified the following function to create random password and ID keys.

I ran the function of an account that had 18,000 records and 2 records had the same ID key.

How can I get this function stronger that that it would not duplicate or generate duplicate key.

function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {
$Lowercase = "rbfwmcktdzdayjqhngxuvs";
$Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";
$Numbers   = "234?56789";
if ($Upper) $Lowercase .= $Uppercase;
if ($Number) $Lowercase .= $Numbers;
srand((double)microtime()*1000000);
$i = 0;
while ($i <= $Length) {
$Num = rand() % strlen($Lowercase);
$Temp = substr($Lowercase, $Num, 1);
$Password = $Password . $Temp;
$i++;
};
return $Password;
};

Thanks

Rafael

 
0
Comment
Question by:rcleon
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 21833719
Unfortunately, in the computer world, there is no such concept as absolute randomness. Computers are logical, ordered machines, and the idea of randomness is the opposite of their design structure.

Programming languages attempt to generate random elements upon request, but you will need to understand that these elements are "pseudo-random", which means that they appear random, but are really logical constructs based on pre-selected algorithms.

Within such a structure, true randomness is impossible. Your best choice would be to check your existing password list as each new password is created to make sure that the new password does not already exist.
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 21833741
You could add symbols.  I would consider just downloading a program that will generate a random number.  Download.com should have one for free that will do what you want.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833770
It should work better id you remove the srand. You generate the same password if microtime() returns the same value between two calls. The random generator in php is initialized with time/microtime and thus not need to be reinitialized every call.

The problem on randomness is that you can't assure uniqueness. also a hash-function will not create unique values.
Run the function 100000 time and didn't get a double password.
0
 

Author Comment

by:rcleon
ID: 21833928
hernst42,

how did you ran the fuction 100000 time?

Thanks
0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833939

for ($i = 0; $i <= 100000; ++$i) {

    $x = RandomPassword();

    if (isset($y[$x])) {

        echo "found double password after $i tries";

        exit;

    }

}

echo "no double";

Open in new window

0
 
LVL 48

Expert Comment

by:hernst42
ID: 21833943
ups sorry I now see a mistake in my code :-(. don't set $y[$x] = true. I'll try again
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 48

Expert Comment

by:hernst42
ID: 21833966
If I remove the srand I get double passwords after excatly 4096 tries allways. So it seems the randomness repeats every 4096 tries. I will check for the code.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21833989
It is inevitable that you will get duplicates, given a sufficiently large set of data. It is simply unavoidable based on the way "random" numbers are generated.

Now you can improve the code above endlessly, but you will never achieve a function that will guarantee 100% randomness. It is not possible. At some point you will need to compare your new passwords with previously-created passwords to determine uniqueness.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834016
By the way, a note from the PHP manual (http://www.php.net/rand)

 "Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically. "
0
 

Author Comment

by:rcleon
ID: 21834032
OK

given that I agreed in can't be endlessly how can I improve the above function to increase the change of not getting duplicates lets say in 100,000 records.

Thanks
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 500 total points
ID: 21834050
ok just read on windows you only have 32768 random numbers. replacing rand with mt_rand let the example work with the 100000 passes. Complete code which work with 100000 attached.


function RandomPassword($Length = 7,$Upper = 1,$Number = 1) {

    $Lowercase = "rbfwmcktdzdayjqhngxuvs";

    $Uppercase = "WDTBMPZFRGXAKSHQVCEYUNJL";

    $Numbers   = "234?56789";

    if ($Upper) $Lowercase .= $Uppercase;

    if ($Number) $Lowercase .= $Numbers;

    // srand((double)microtime()*1000000);

    $i = 0;

    $Password = '';

    $lenchars = strlen($Lowercase);
 

    while ($i <= $Length) {

        $Num = mt_rand(0, $lenchars);

        $Temp = substr($Lowercase, $Num, 1);

        $Password = $Password . $Temp;

        $i++;

    };

    return $Password;

};
 

for ($i = 0; $i <= 100000; ++$i) {

    $x = RandomPassword();

    if (isset($y[$x])) {

        echo "found double password after $i tries";

        exit;

    }

    $y[$x] = true;

}

echo "no double";

Open in new window

0
 
LVL 24

Expert Comment

by:glcummins
ID: 21834054
Not meaning to spam here, but also consider the superiority of mt_rand over rand, as explained in this note:

http://us3.php.net/manual/en/function.rand.php#73730
0
 

Author Comment

by:rcleon
ID: 21834160
As always you, people are awesome, I learn and I get help at the same time.

Thanks you all for all your help.

Thanks

Rafael
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now