jaymc Posted April 3, 2009 Share Posted April 3, 2009 What is the best way to create unique passwords that will be stored in a mysql database e.g I want to create 10 unique passwords a day and store them in a mysql table. No password can ever be the same as a previous generated one Obviously I could use php rand() or something but sooner or later it will generate a duplicate password One way I thought was to check after trying to insert it if it errorer because of duplicate, if so, try and generate another one and keep looping through that until it passes. But thats not a very good way in my mind What is the best way? Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/ Share on other sites More sharing options...
Yesideez Posted April 3, 2009 Share Posted April 3, 2009 The only way to guarantee a random and unique password would be to check if it already exists in the database on creation and if it does make a new one until it is unique. Only problem is, the more records you have this could slow down. Can't think of any other way! Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/#findComment-800251 Share on other sites More sharing options...
hellonoko Posted April 3, 2009 Share Posted April 3, 2009 Why dont you use md5() and rand() and time() all together. I saw a good one where the code used the ip of the person visiting the page as part of the salt also. And why isnt comparing them to the used ones a good idea? Seems like you'd want to do that no matter how long or random your passwords are to make sure they are unique? Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/#findComment-800256 Share on other sites More sharing options...
Yesideez Posted April 3, 2009 Share Posted April 3, 2009 md5() returns a 32 character string (no good for a password) and whether this would be unique or not depends on time() and rand() returning a unique mix (which can't be guaranteed) so then it's back to checking the database until a random one IS picked. Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/#findComment-800258 Share on other sites More sharing options...
PFMaBiSmAd Posted April 3, 2009 Share Posted April 3, 2009 If you are generating random values, the only way is to generate a value and see if it is a duplicate and re-generate it until you get a non-duplicate. You must select a minimum length for the password to insure that the number of possible combinations is at least 10x more than the maximum that you need so that the duplicate collision and re-generation can find an available combination easily/quickly. For example, if you need 10 to 5th power of random passwords, the length of the password should allow at least 10 to the 6th power of possible combinations. Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/#findComment-800265 Share on other sites More sharing options...
Benmcfc Posted April 3, 2009 Share Posted April 3, 2009 Base part of the password on the user's id, which should be a unique auto incrementing number. Quote Link to comment https://forums.phpfreaks.com/topic/152376-solved-unique-mysqlphp-password/#findComment-800356 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.