4

I use this source code for generating random passwords:

```csharp
public string GetRandomPasswordUsingGUID(int length)
{
    // Get the GUID
    string guidResult = System.Guid.NewGuid().ToString();

    // Remove the hyphens
    guidResult = guidResult.Replace("-", string.Empty);

    // Make sure length is valid
    if (length <= 0 || length > guidResult.Length)
        throw new ArgumentException("Length must be between 1 and " + guidResult.Length);

    // Return the first length bytes
    return guidResult.Substring(0, length).ToUpper();
}
```

It works fine when you invoke the method, but not in a "for" loop statement.

In this case it generates some repeated passwords, which is wrong.

For example, like this:

A4MNB597D7
AMGJCCC902
AWJ80CF6HX
A78EDJECIW
A78EDJECIW
A78EDJECIW
A78EDJECIW
A78EDJECIW
A2LYJCH23N
A2LYJCH23N

How can I create random passwords in a "for" loop statement?

Dan J
Mostafa
  • You need to read the documentation for GUIDs. They are NOT suitable for your needs here. – asawyer May 31 '11 at 19:26
  • You are all right! It's not a good practice for generating passwords. Maybe it would have been better to say it creates some tickets for like 500 people. It's not a big deal here. Please focus on my question, not the things I'm gonna do. – Mostafa May 31 '11 at 19:35
  • You may find the answers to [this similar question](http://stackoverflow.com/q/54991/238688) useful. – Dan J May 31 '11 at 19:39
  • Well then you need to tell us what you're going to do. Do you require unique passwords? Random passwords? New strong passwords? – blowdart May 31 '11 at 19:39
  • @blowdart: I'm going to create unique strings in 500 to 1000 count – Mostafa May 31 '11 at 19:42
  • What does that actually mean? 500 to 1000? – blowdart May 31 '11 at 19:43
  • @blowdart I understand you're far superior to everyone on earth when it comes to defining uniqueness and randomness in closed systems, but how about actually contributing to a valid solution or leave the thread. – Brandon Moretz May 31 '11 at 19:46
  • Well generating 500 unique passwords is easy - 1,2,3 etc, but without knowing how strong they should be any answer is as potentially useless as that one. – blowdart May 31 '11 at 19:50

5 Answers

7

GUIDs are not random, they are only unique (within a single system). Even a random number generator has limits on it, the minimum and maximum values it will return, and being truly random means you could get the same result over and over again, you just can't tell.

Are you sure you mean random, as opposed to strong?

XKCD http://xkcd.com/221/

OK, so now we have some idea of what you want: 500-1000 unique passwords. I'd question the need for uniqueness, as I would presume that they're for a user account, however ... (entered without VS handy)

```csharp
List<string> passwords = new List<string>();

while (passwords.Count < 1000)
{
    string generated = System.Web.Security.Membership.GeneratePassword(
                           10, // maximum length
                           3); // number of non-ASCII characters.
    if (!passwords.Contains(generated))
        passwords.Add(generated);
}
```

And then you'll have a list of 1000 unique passwords, which have a maximum of 10 characters, and 3 non-ASCII characters.

blowdart
  • A small performance improvement suggestion - use `HashSet` instead of `List` and drop the `.Contains` check as `HashSet.Add` finds duplicates quicker. – Keith May 28 '12 at 14:37
  • Now, I've been writing software for 12 years, 11 of those in .NET, and I do have a strong understanding of the .NET framework and feel comfortable doing anything. But let me tell you something, you learn something new every day. You kids out there who've been programming and think you know everything - remember this post. *I didn't know that the .NET framework had a built in random password generator!* – Mike Perrenoud Jun 03 '12 at 02:06
3

This is not an answer to the question specifically, but it is why your GUID solution will not work:

http://blogs.msdn.com/b/oldnewthing/archive/2008/06/27/8659071.aspx

asawyer
  • To summarize the relevant bit of that article: arbitrary substrings of GUIDs **may not be unique**. – Dan J May 31 '11 at 19:37
2

If you're going to generate random passwords in build I would strongly recommend not using "NewGuid()" because, based on the generation algorithm for creating the UUIDs, segments of them are based on a unique ~100ms timestamp.

Look at:

http://en.wikipedia.org/wiki/Universally_unique_identifier

You would be better off creating a look-up table of allowed characters and using a static "Random" object and indexing characters into the table based on the random number generated.

Brandon Moretz
1

You could use ASP.NET's Membership class, which has a password generator built in. It's in the System.Web.Security namespace in the System.Web DLL.

```csharp
// Generate a new 12-character password with 1 non-alphanumeric character.
string password = Membership.GeneratePassword(12, 1);
```

More details here on MSDN: Membership.GeneratePassword Method

Alex KeySmith
1

Ironically, you'd have had better results if you used the last characters of your GUID rather than the first.

To answer your question, something like this would suffice:

```csharp
private static Random rng = new Random();
private static string PasswordAlphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

public string GetRandomPasswordUsingGUID(int length)
{
    string result = "";

    while (length-- > 0)
        result += PasswordAlphabet[rng.Next(PasswordAlphabet.Length)];

    return result;
}
```

Blindy
  • Since this is used in a security sensitive context, you should use a cryptographic pseudo random generator instead ... RNGCryptoServiceProvider – DarkSquirrel42 May 31 '11 at 19:35
  • *shrug* if he wants. I think the algorithm is of more use to him, considering what he's been using. – Blindy May 31 '11 at 19:56
  • right, but someone who's looking for a way to create passwords and stumbles over this might want to create strong passwords, not only random ones ... – DarkSquirrel42 May 31 '11 at 20:02
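
An added example, not taken from any of the posts above, that combines the suggestions in this thread: the lookup table of allowed characters, a cryptographic generator in place of `Random`, and a `HashSet` for uniqueness. The class and method names are hypothetical; it assumes `System.Security.Cryptography.RandomNumberGenerator` and discards random bytes that would make some characters more likely than others.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class TokenGenerator   // hypothetical name, for illustration only
{
    // Same 36-character lookup table as the answer above.
    private const string Alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    // Largest multiple of Alphabet.Length that fits in one byte (252 for 36 symbols).
    // Bytes at or above it are rejected so "b % 36" is uniform (no modulo bias).
    private static readonly int Limit = 256 - (256 % Alphabet.Length);

    public static string NewToken(RandomNumberGenerator rng, int length)
    {
        if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));
        var sb = new StringBuilder(length);
        var buffer = new byte[length * 2];      // spare bytes to cover rejections
        while (sb.Length < length)
        {
            rng.GetBytes(buffer);               // CSPRNG output, not time-seeded
            foreach (byte b in buffer)
            {
                if (b >= Limit) continue;       // rejection sampling
                sb.Append(Alphabet[b % Alphabet.Length]);
                if (sb.Length == length) break;
            }
        }
        return sb.ToString();
    }

    public static HashSet<string> NewUniqueTokens(int count, int length)
    {
        // The loop below could never finish if more tokens are requested than exist.
        if (count < 0 || count > Math.Pow(Alphabet.Length, length))
            throw new ArgumentOutOfRangeException(nameof(count));
        var tokens = new HashSet<string>();
        using (var rng = RandomNumberGenerator.Create())
        {
            while (tokens.Count < count)
                tokens.Add(NewToken(rng, length));  // Add() ignores duplicates
        }
        return tokens;
    }

    public static void Main()
    {
        Console.WriteLine(NewUniqueTokens(1000, 10).Count);
    }
}
```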