|
-
Mar 17th, 2004, 11:24 AM
#1
Thread Starter
Addicted Member
File system object verse System.IO namespace
In my ASP application I created a function that created a unique password that was automatically generated for the customer. Here was my code:
Public Function GetNewPassword() As String
Dim fs
Dim intPos
Dim strChar
Dim strPassword
fs = CreateObject("Scripting.FileSystemObject")
strPassword = fs.GetBaseName(fs.GetTempName)
strPassword = Right(strPassword, Len(strPassword) - 3)
intPos = Weekday(Now())
If intPos <> 5 Then
intPos = intPos Mod 5
End If
strChar = Mid(strPassword, intPos, 1)
If IsNumeric(strPassword) Then
strChar = int(strChar)
strPassword = Chr(65 + strChar) & strPassword & Chr(90 - strChar)
Else
strPassword = strPassword & Asc(strChar)
End If
fs = Nothing
GetNewPassword = strPassword
End Function
I know that I can't use the FileSystem object in ASP.Net, but cannot find an equivelent to "GetBaseName" and "GetTempName" in the System.IO. Does anyone have a suggestion as to how I can create a unique password at runtime? Or what namespace I should be using for GetBaseName?
Thanks!
-
Mar 18th, 2004, 02:17 PM
#2
I wonder how many charact
Why not simply generate a string of 8 random characters, instead of using getTempName ?
Instantiating the FSO class, with all its overhead, just to produce 8 random characters is grossly inefficient.
-
Mar 18th, 2004, 05:17 PM
#3
Thread Starter
Addicted Member
Thanks. But how do I generate a string with 8 random characters?
-
Mar 18th, 2004, 07:56 PM
#4
I wonder how many charact
VB Code:
Dim newPassWord As String = Guid.NewGuid.ToString.Substring(0, 8)
easy enough? I wouldn't bother putting in a function either, unless you will call that code from different parts of your app...
Also, there's always a chance for duplicates... I ran a few tests, and with only 8 characters, I got a duplicate at the 56,323rd request once, but you could get a duplicate on the 2nd iteration, its statistically improbable (~1% for 2000 passwords), but it could happen. So, you can decrease the odds of duplicates by generating 10 character passwords. In all, its rather a mute point because passwords are associated with usernames which are generally unique. Now you have astonomical odds of having the same username and password combo. And even at that, if you have 1000 users and two of them have the same password, how would user #234 ever guess he had the same password as user#816? And you don't allow two people to have the same username, so you really have a unique username/password combo.
36^8 (8 character passwords):
2,821,109,907,456 (or about 3 trillion unique passwords)
36^10(10 character passwords):
3,656,158,440,062,976 ( or about 3,656 trillion unique passwords)
Last edited by nemaroller; Mar 18th, 2004 at 09:11 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote