Jump to content

[SOLVED] Unique mysql/php password

jaymc

By jaymc
in PHP Coding Help

 Share

Recommended Posts

jaymc Advanced Member

jaymc

Posted
Posted

What is the best way to create unique passwords that will be stored in a mysql database

 

e.g I want to create 10 unique passwords a day and store them in a mysql table. No password can ever be the same as a previous generated one

 

Obviously I could use php rand() or something but sooner or later it will generate a duplicate password

 

One way I thought was to check after trying to insert it if it errorer because of duplicate, if so, try and generate another one and keep looping through that until it passes. But thats not a very good way in my mind

 

What is the best way?

Link to comment
Share on other sites
Yesideez Advanced Member

Yesideez

Posted
Posted

The only way to guarantee a random and unique password would be to check if it already exists in the database on creation and if it does make a new one until it is unique. Only problem is, the more records you have this could slow down.

 

Can't think of any other way!

Link to comment
Share on other sites
hellonoko Regular Member

hellonoko

Posted
Posted

Why dont you use md5() and rand() and time() all together.

 

I saw a good one where the code used the ip of the person visiting the page as part of the salt also.

 

And why isnt comparing them to the used ones a good idea? Seems like you'd want to do that no matter how long or random your passwords are to make sure they are unique?

Link to comment
Share on other sites
Yesideez Advanced Member

Yesideez

Posted
Posted

md5() returns a 32 character string (no good for a password) and whether this would be unique or not depends on time() and rand() returning a unique mix (which can't be guaranteed) so then it's back to checking the database until a random one IS picked.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

If you are generating random values, the only way is to generate a value and see if it is a duplicate and re-generate it until you get a non-duplicate.

 

You must select a minimum length for the password to insure that the number of possible combinations is at least 10x more than the maximum that you need so that the duplicate collision and re-generation can find an available combination easily/quickly. For example, if you need 10 to 5th power of random passwords, the length of the password should allow at least 10 to the 6th power of possible combinations.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.