A Follow-Up to Generating Random Passwords
By Ragnvald Larsen
Alert reader Marc Vick spotted an error in the password routine. It made the routine generate passwords shorter than the specified length. I have attached a new version of the password generator.
This is part of Mark's mail:
The passwords do not always come back as "n" length. Sometimes they are 1,
or even 2 characters short. Is this on purpose? I wanted to ask before I
tried to determine exactly why - FYI - I simply set up a |
After some work we found the error. Quoting Mark again from a more recent mail:
Ah ha! I got it.
Sometimes the line:
gives you a starting position that is greater than the length of the string.
I am going to figure
So the solution was quite simple. My reply to Mark:
As you said, the random values sometimes cause it to choose a character
that is not in the list. Obviously the |
The fix thus involves adding
Thus the relevant part to fix is as follows (cut and paste):
Mark also asked me about the number of possible passwords:
I saw the source code for your randomly generated passwords. I happen to have a nifty little use for such a routine, so I decided to check the uniqueness of the passwords. You know, if I used 6 characters, how many times could I call your routine before I got the exact same password back.
If the password starts with a consonant and is supposed to be 4 characters long, the routine will generate between 6400 and 12800 different passwords. Starting with a vowel and having a length of 4 characters, the number of passwords will statistically be between 4000 and 6400. There is a 15% chance that the password will start with a consonant.
Six-character passwords would amount to at least 46656 (6**6) possible passwords. However, this is not very likely, as the probability of getting only vowels is 0.15^6 - indeed a small number...
The rnd-function relies heavily on seeding. Using a loop you might experience a lot of similar passwords... While running a loop generating 1000 passwords I experienced as few as 37 different passwords. Adding a pause with additional randomizing in the loop made the number of different passwords go up to about 800. Adding more sources of variation will make it even better. Seeding with timeslices only on a fast server is thus NOT a good idea!
One should also use some extra individual variable, like the length of the person's name or email address, if you want to generate a lot of passwords...
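The seeding effect described above, reproduced as an added Python example (not the article's password routine): re-seeding a PRNG from a coarse clock before each password caps the number of distinct passwords at the number of clock ticks, while drawing from the operating system's CSPRNG needs no seed at all. The character pools, the function names and the simulated clock are assumptions made for this illustration.

```python
import random
import secrets

# Constructed character pools; the article's own string constants are not shown on this page.
VOWELS = "aeiouy"
CONSONANTS = "bcdfghjklmnprstv"

def make_password(length, choice):
    """Build a pronounceable password, alternating consonant and vowel picks."""
    pools = (CONSONANTS, VOWELS)
    return "".join(choice(pools[i % 2]) for i in range(length))

def coarse_clock(calls_per_tick):
    """Simulated timer (assumption): its value advances once every calls_per_tick reads."""
    reads = 0
    def now():
        nonlocal reads
        reads += 1
        return (reads - 1) // calls_per_tick
    return now

def time_seeded_batch(count, length, now):
    """Weak pattern: re-seed the PRNG from the clock before each password."""
    batch = []
    for _ in range(count):
        rng = random.Random(now())  # same time slice -> same seed -> same password
        batch.append(make_password(length, rng.choice))
    return batch

def csprng_batch(count, length):
    """Hardened pattern: draw every character from the OS CSPRNG, with no seeding."""
    return [make_password(length, secrets.choice) for _ in range(count)]

if __name__ == "__main__":
    weak = time_seeded_batch(1000, 8, coarse_clock(calls_per_tick=25))
    strong = csprng_batch(1000, 8)
    print("time-seeded distinct:", len(set(weak)))   # at most 40 (one per tick)
    print("CSPRNG distinct:     ", len(set(strong)))
```

Mixing a per-user value into the seed raises the distinct count, but the output stays predictable to anyone who can guess the seed inputs, which is why the second function avoids seeding altogether.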
For making more passwords it is possible to add CAPITALS to the string constants like here:
Which gives at least 2985984 (12^6) possible passwords as a minimum with a password length of 6 characters.
The algorithm surely (0.15^12) adds consonants from a pool of 16 consonants and thus makes it more readable and even more variable.
If someone would find it interesting to do some in-depth statistical pondering they are most welcome! :-)