net中的BasePage.GeneratePassword是如何工作的?

I am using BasePage.GeneratePassword(6, 10) to generate the unqiue password for the user. but I have notice that sometimes( i got 5 out of 150 users) same password is generated and i use this as unqiueId for some purpose.

How reliable is this function?

I am not setting any other property like this 'numberOfNonAlphanumericCharacters'.

Any guidance will be of great help?

Thanks Harshit

#0

it uses the RNGCryptoServiceProvider class to get a "random" sequence of bytes that are then used to generate the password. Something like the following

public static string GeneratePassword(int length, int numberOfNonAlphanumericCharacters)
{
    string str;
    int num;
    char[] punctuations= @"!@@$%^^*()_-+=[{]};:>|./?".ToCharArray();

    // removed checks for brevity //

    while(true)
    {
        byte[] data = new byte[length];
        char[] chArray = new char[length];
        int num2 = 0;
        new RNGCryptoServiceProvider().GetBytes(data);
        for (int i = 0; i < length; i++)
        {
            int num4 = data[i] % 0x57;
            if (num4 < 10)
            {
                // generate characters 0 -9
                chArray[i] = (char) (0x30 + num4);
            }
            else if (num4 < 0x24)
            {
                // generate characters A-Z
                chArray[i] = (char) ((0x41 + num4) - 10);
            }
            else if (num4 < 0x3e)
            {
                // generate characters a-z
                chArray[i] = (char) ((0x61 + num4) - 0x24);
            }
            else
            {
                // get a non alphanumeric character from the punctuations array
                chArray[i] = punctuations[num4 - 0x3e];
                num2++;
            }
        }
        if (num2 < numberOfNonAlphanumericCharacters)
        {
            Random random = new Random();
            for (int j = 0; j < (numberOfNonAlphanumericCharacters - num2); j++)
            {
                int num6;
                do
                {
                    num6 = random.Next(0, length);
                }
                while (!char.IsLetterOrDigit(chArray[num6]));
                chArray[num6] = punctuations[random.Next(0, punctuations.Length)];
            }
        }
        str = new string(chArray);
    }
    return str;
}

#1

I took Russ Cam's answer but it got stuck in a never ending loop thanks to the while(true) statement that never breaks.

So here is my example which includes a Boolean (blnExactNumberOfNonAlphanumericCharacters) to specify whether the number of non alphanumeric characters should be exact (set to true), or minimum (set to false), which is how the original Membership.GeneratePassword method works:

public string GeneratePassword(int intLength, int intNumberOfNonAlphanumericCharacters, bool blnExactNumberOfNonAlphanumericCharacters)
{
    string strPassword = "";

    if (intLength > 0)
    {
        if ((intNumberOfNonAlphanumericCharacters >= 0) && (intNumberOfNonAlphanumericCharacters <= intLength))
        {
            char[] chrSpecialCharacters = @"!@$%^*()_-+=[{]};:>|.,/?".ToCharArray();
            byte[] data = new byte[intLength];
            char[] chrArray = new char[intLength];
            int intActualNumberOfSpecialCharacters = 0;
            new RNGCryptoServiceProvider().GetBytes(data);
            for (int i = 0; i < intLength; i++)
            {
                int intRemainderOfModuloDivision = data[i] % (62 + chrSpecialCharacters.Length); //was hex 0x57 (87)
                if (intRemainderOfModuloDivision < 10)
                {
                    // generate characters 0-9
                    chrArray[i] = (char)(48 + intRemainderOfModuloDivision); //was hex 0x30
                }
                else if (intRemainderOfModuloDivision < 36) //0x24
                {
                    // generate characters A-Z
                    chrArray[i] = (char)((65 + intRemainderOfModuloDivision) - 10); //was hex 0x41
                }
                else if (intRemainderOfModuloDivision < 62) //0x3e
                {
                    // generate characters a-z
                    chrArray[i] = (char)((97 + intRemainderOfModuloDivision) - 36); //was hex 0x61 & 0x24
                }
                else
                {
                    // get a non alphanumeric character from the special character array
                    chrArray[i] = chrSpecialCharacters[intRemainderOfModuloDivision - 62]; //was hex 0x3e
                    intActualNumberOfSpecialCharacters++;
                }
            }
            if (intActualNumberOfSpecialCharacters < intNumberOfNonAlphanumericCharacters)
            {
                //if there are less special characters than the minimum required amount then add the minimum required
                Random random = new Random();
                for (int j = 0; j < (intNumberOfNonAlphanumericCharacters - intActualNumberOfSpecialCharacters); j++)
                {
                    int intRandomArrayPointer;
                    do
                    {
                        intRandomArrayPointer = random.Next(0, intLength);
                    }
                    while (!char.IsLetterOrDigit(chrArray[intRandomArrayPointer]));
                    chrArray[intRandomArrayPointer] = chrSpecialCharacters[random.Next(0, chrSpecialCharacters.Length)];
                }
            }
            else if ((blnExactNumberOfNonAlphanumericCharacters) && (intActualNumberOfSpecialCharacters > intNumberOfNonAlphanumericCharacters))
            {
                //if the exact amount is needed then we replace unwanted ones with regular letters and/or digits
                Random random = new Random();
                for (int j = 0; j < (intActualNumberOfSpecialCharacters - intNumberOfNonAlphanumericCharacters); j++)
                {
                    int intRandomArrayPointer;
                    do
                    {
                        intRandomArrayPointer = random.Next(0, intLength);
                    }
                    while (char.IsLetterOrDigit(chrArray[intRandomArrayPointer]));

                    char[] chrLetterAndDigitArray = new char[62];

                    int intPointer = 0;

                    //add characters 0-9
                    for (int l = 48; l <= 57; l++)
                    {
                        chrLetterAndDigitArray[intPointer] = Convert.ToChar(l);
                        intPointer++;
                    }

                    //add characters A-Z
                    for (int l = 65; l <= 90; l++)
                    {
                        chrLetterAndDigitArray[intPointer] = Convert.ToChar(l);
                        intPointer++;
                    }

                    //add characters a-z
                    for (int l = 97; l <= 122; l++)
                    {
                        chrLetterAndDigitArray[intPointer] = Convert.ToChar(l);
                        intPointer++;
                    }
                    chrArray[intRandomArrayPointer] = chrLetterAndDigitArray[random.Next(0, chrLetterAndDigitArray.Length)]; 
                }                   
            }
            strPassword = new string(chrArray);
        }
    }
    return strPassword;
}

推荐文章

如何避免将JSONP返回缓存在HTML5离线应用程序中?

如何避免将JSONP返回缓存在HTML5离线应用程序中?

推荐文章

Python:如何找到空闲重启的原因?

Python:如何找到空闲重启的原因?

推荐文章

Ken Burns对actionscript3的影响

Ken Burns对actionscript3的影响

推荐文章

我可以将select语句的结果作为参数的值传递到存储过程中吗?

我可以将select语句的结果作为参数的值传递到存储过程中吗?

推荐文章

对话框不能用.Show正确显示,但不希望在C中多线程处理时阻塞.ShowDialog#

对话框不能用.Show正确显示,但不希望在C中多线程处理时阻塞.ShowDialog#

推荐文章

SharePoint-从MySite链接回门户

SharePoint-从MySite链接回门户

推荐文章

维修性设计模式问题

维修性设计模式问题

推荐文章

jquery单击事件后停止mouseover事件

jquery单击事件后停止mouseover事件

推荐文章

套接字关闭问题-数据的最后一部分丢失

套接字关闭问题-数据的最后一部分丢失

推荐文章

如何在父集中查找不在子集中的项

如何在父集中查找不在子集中的项

推荐文章

如何更改框架的大小?

如何更改框架的大小?

推荐文章

用Django存储数据库设置的最佳方法是什么?

用Django存储数据库设置的最佳方法是什么?

推荐文章

使用Union避免动态分配问题

使用Union避免动态分配问题

推荐文章

个人facebook应用程序(没有人可以自己添加的应用程序)

个人facebook应用程序(没有人可以自己添加的应用程序)

推荐文章

ASP.Net MVC:是否可以使用窗体集合来确定选择了哪个单选按钮?

ASP.Net MVC:是否可以使用窗体集合来确定选择了哪个单选按钮?

推荐文章

如何记录和比较任何程序安装前后的Windows注册表数据?

如何记录和比较任何程序安装前后的Windows注册表数据?