>>>I tested this. As Gregory says the likilihood of getting two consecutive identical results is purely statistical. With a password length of 5 I get a duplicate once every 40-150K operations. With a password length of 10 I'm currently past 12,000,000 without a duplicate.
>>>I guess it shouldn't be hard to calculate the actual odds - but you get the picture.
>>>
>>>Even with a 5 character password does having one duplicate per several tens of thousands of instances really present a problem?
>>>And you're going to get duplicates anyway - why does the fact that they may be generated consecutively matter?
>>
>>The issue is not about getting unique values on a long period. It is in regards to an issue I have when I need to include a default value for a username and a password in a page. Thus, I call the same method twice. So, I needed to avoid receiving the same values back.
>
>Hi,
>
>So what password length are you using? Even a length of 7 puts the odds at several million to one.
>If that's not good enough you could include numbers and/or case sensitive alphas.
>But how many users are you expecting and what are the real consequences of generating two identical consecutive passwords?
>Do you envisage either party being able to make use of the fact (even if they knew it had occurred)?
>IAC, if you really cannot accept consecutive identical values then you have no option except to check them as they are generated.
>
>Regards,
>Viv
Dunno Viv, but it seems to me Michel is confusing two different/distinct cases
(1) Instantiating Random at each call - if you call the method twice in a short period of time you are almost guaranteed the results will be the same
(2) Have a static Random. Calling it again - and the time between two calls does not matter at all - has a (small, very small) probability that the result of the previous call will be equal to the result of the last one
As you say - to decrease the odds of two identical passwords in succession
- Add lower/upper case
- add digits
- increase the password size
Or test the first passwd char and compare that to the first char of the previous passwd - I posted some code about that
I would also drop the 'double consonant' array as it only increases the odds
Gregory