Archived Forum Post

Index of archived forum posts

Question:

Prng's RandomPassword randomly fails to include required characters

Dec 18 '15 at 10:59

While testing the following method in the Chilkat.Prng class

public string RandomPassword(int length, bool mustIncludeDigit, bool upperAndLowercase, string mustHaveOneOf, string excludeChars)

I may have stumbled over a bug while running repeated tests. More specifically I ran the following code:

var required_chars = "!#$%&*+-=?@^_";
var excluded_chars = "iIlLoO01|";
for (int i = 0; i < 100; i++)
{
    var fortuna = new Chilkat.Prng();
    var generated = fortuna.RandomPassword(16, true, true, required_chars, excluded_chars);
    if (!generated.Any(m => required_chars.Contains(m))
    {
        break;
    }
}

Randomly the breakpoint is hit and the generated string is missing at least one of the required characters. At first I thought that the method did not account for required characters also being specified as excluded characters, but that is not the case here.

I ran another test with the following code and the result is the same, but may be caused by the digits 0 and 1 being excluded:

var required_chars = "0123456789";
var excluded_chars = "iIlLoO01|!#$%&*+-=?@^_";
for (int i = 0; i < 100; i++)
{
    var fortuna = new Chilkat.Prng();
    var generated = fortuna.RandomPassword(13, true, true, "", excluded_chars);
    if (!generated.Any(m => required_chars.Contains(m))
    {
        break;
    }
}

Answer

This is now fixed in the version that is soon to be released (v9.5.0.55)


Answer

I'll have a look. However, there is a bit of internal "road construction" underway this weekend, so getting a new build out may take longer than usual. You may want to find a workaround -- such as by testing and re-trying until a valid result is obtained.


Answer

I also noticed that setting the length shorter than 6 characters does not set LastMethodSuccess as false. Shouldn't that be the case?

The LastError* is still set though:

ChilkatLog:
  RandomPassword:
    DllDate: Nov  4 2015
    ChilkatVersion: 9.5.0.54
    UnlockPrefix: XXX
    Username: XXX
    Architecture: Little Endian; 32-bit
    Language: .NET 4.5
    VerboseLogging: 0
    password length must be a minimum of 6 chars and no more than 512 chars.
    invalidLength: 4
  --RandomPassword
--ChilkatLog

I would also recommend adding the length requirement to the reference documentation.