They must be random (i.e. not a sequence number) but I cannot use the same one twice. Does that make sense?
In this case, they necessarily become less random with each one that you generate. In other words, once you have generated 999,999 of them, you know what the next one must be.
You might be better off just shuffling the numbers 0 to 999,999. The reason I say so is that the more numbers you have already generated the harder it is going to be to find one that you haven't yet generated and the longer it will take. It simply isn't very efficient to generate a number, check to see if you have generated it before, and generate a new number if you have.
-sauoq
"My two cents aren't worth a dime.";
Sure, that makes sense. In that case uniqueness seems to be of greater importance than true randomness: you just don't want the numbers to be easily guessable, correct?
One solution is to shuffle the numbers in this range and pop or shift one every time, as sauoq mentions above.
If this solution is desirable or not depends on what you are trying to achieve. How many numbers of those in your range will you issue? How hard do you want to make "guessing" a correct number? What are the consequences of "guessing" a valid number? These are some things to keep in mind.
— Arien
From the best that I can tell, the technical term for what you are trying to generate is a "nonce": a randomized number that is never used more than once, classically used to prevent replay in authentication protocols. If security is a real concern, your best bet will be to research standard authentication protocols and implement a proven scheme that meets your needs rather than trying to roll one yourself. If you are just trying to stop someone from guessing an account number after three or four tries, you could probably get away with just using rand or Math::TrulyRandom and keep track of what values have already been assigned in a hash or in some other way.
Also, if you want, post your expectation for the total number of nonces generated, and the expected rate that they will be assigned, and we can do some back-of-the-envelope calculations as to if a 6 digit number will be sufficient.
Good luck,
cmumikey
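The shuffle-and-pop approach suggested in this thread, as an added example (not code posted by any participant): it shuffles 0 to 999,999 with randomness read from /dev/urandom instead of rand, and also does the kind of back-of-the-envelope guessing estimate mentioned above. The use of /dev/urandom (a Unix-like system is assumed), the function names, and the figures of 10,000 issued numbers and 4 guesses are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a Unix-like system where /dev/urandom is the kernel CSPRNG.
open(my $urandom, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";

# Uniform integer in [0, $n) by rejection sampling, so there is no modulo bias.
sub secure_int {
    my ($n) = @_;
    die "range must be 1..2**32" if $n < 1 || $n > 2**32;
    my $limit = 2**32 - (2**32 % $n);   # largest multiple of $n within 32 bits
    while (1) {
        my $got = read($urandom, my $buf, 4);
        die "short read from /dev/urandom" unless defined $got && $got == 4;
        my $x = unpack('N', $buf);
        return $x % $n if $x < $limit;  # values at or above $limit are redrawn
    }
}

# Fisher-Yates shuffle of 0 .. $size-1, driven by secure_int().
sub shuffled_pool {
    my ($size) = @_;
    my @pool = (0 .. $size - 1);
    for (my $i = $#pool; $i > 0; $i--) {
        my $j = secure_int($i + 1);
        @pool[$i, $j] = @pool[$j, $i];
    }
    return \@pool;
}

# Chance that at least one of $guesses distinct guesses hits an issued value,
# when $issued of the $space possible values are valid.
sub guess_probability {
    my ($issued, $guesses, $space) = @_;
    my $miss = 1;
    $miss *= ($space - $issued - $_) / ($space - $_) for 0 .. $guesses - 1;
    return 1 - $miss;
}

my $pool = shuffled_pool(1_000_000);
printf "%06d\n", pop @$pool for 1 .. 5;   # each pop is unique by construction

# Constructed figures: 10,000 numbers issued, attacker gets 4 tries.
printf "P(hit) with 10,000 issued and 4 guesses: %.4f\n",
    guess_probability(10_000, 4, 1_000_000);
```

The pool has to be persisted between runs (or the issued values recorded) for uniqueness to hold across restarts; the shuffle only guarantees it within one pool.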