Link to home
Start Free TrialLog in
Avatar of eaweb
eawebFlag for undefined

asked on

random password

hi,
i am using this code to generate a random number:
Session["Id"] = new Random().Next(1, 1000);
how can i also include uppercase and or lowercase characters to make it like a random pasword. but it must be unique.

or is there another way to generate a random but unique password and indicate how long it can be in asp.net and classic asp?

Avatar of Goofytouy
Goofytouy
Flag of Uruguay image


Hi eaweb

Can't post the code here (i should think it), but you can use:

chr(Random().Next(65,90)) to obtain uppercase random letters
chr(Random().Next(97,122)) to obtain lowercase random letters.
Also, if you use range 65 to 122 you can include some symbols ([\]^_`)
By lowering 65 to 58, you may obtain too: :;<=>?@




Oopss.. it leave me before I've finished.

You should stablish which it's going to be the length of the random password, and iterate through this functions.
You also may do a Select Case from a random 1 to 3, and according to that random, call one of the three options (numbers, lower or uppercase)


Sorry for only giving you the ideas, but I do not have reachable my working framework.
Regards
Goofy
Avatar of Member_2_3718378
Member_2_3718378

What itkamaraj said -- generating a GUID (globally unique ID) is a pretty good way to go.

http://articles.techrepublic.com.com/5100-10878_11-5708732.html
http://aspnet.4guysfromrolla.com/articles/101205-1.aspx
ASKER CERTIFIED SOLUTION
Avatar of Jaime Olivares
Jaime Olivares
Flag of Peru image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mike Tomlinson
The author stated:

    "...a random but unique password..."

As the posts have shown thus far, there are MANY ways to generate a random string of characters that can be used as a password.

What has not been addressed is the "UNIQUE" aspect in the requirements.

Unique with respect to what?  Do you have a set of all previously generated passwords that you need to check against to prevent duplicates?

Give us more details...
Avatar of eaweb

ASKER

oh sorry,
i need the generation to be based on globally unique ID.

i need a way to do it in asp.net vb and classic asp vb
use Guid.NewGuid()
this will give a globally unique id every time
this class is a part of dotnet framework
Avatar of eaweb

ASKER

how can i convert the following .net code into classic asp code?

Public Function GetRandomPasswordUsingGUID(ByVal length as Integer) as String  
  'Get the GUID
  Dim guidResult as String = System.Guid.NewGuid().ToString()
 
  'Remove the hyphens
  guidResult = guidResult.Replace("-", String.Empty)
 
  'Make sure length is valid
  If length <= 0 OrElse length > guidResult.Length Then
    Throw New ArgumentException("Length must be between 1 and " & guidResult.Length)
  End If
 
  'Return the first length bytes
  Return guidResult.Substring(0, length)
End Function
In order to ensure uniqueness, you will have to use all 32 characters of the GUID.  If your password is less than the GUID length, you will need to combine the GUID bytes in a way that ensures uniqueness.

Otherwise, you will need to retain/persist the passwords you've generated and do a look-up to ensure uniqueness before issuing a new password.
Right...there isn't any guarantee at all that GUIDs are actually unique.  They don't have any notion of what has been generated before...

The "uniqueness" is simply based on the fact that they are so long that there are literally millions of combinations that can be produced and it is unlikely to generate the same sequence in any short period.

Directly from the documentation:
http://msdn.microsoft.com/en-us/library/system.guid.newguid.aspx

    "There is a very low probability that the value of the new Guid is all zeroes or equal to any other Guid."

By shortening the length of the value you are decreasing the number of combinations to pick from and increasing the likelihood of a repeat.  The actual probability depends on how often you generate values, how long you need a generated value to remain "unique", and whether you are disposing of the values afterwards or need to persist them so you know they have been used before.
@eaweb

1. What is the big picture for this question?  Why would passwords need to be guaranteed/absolutely unique versus probably unique?

2. How long are these passwords?

3. What kind of character set will comprise these passwords?

4. Are these passwords for use by humans or machines?  (memorability might be important)
PAQ with no refund