Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

Random Password (in string format) generation.

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> COBOL Programming
View previous topic :: :: View next topic  
Author Message
ezhavendhan

New User


Joined: 27 Mar 2013
Posts: 11
Location: India

PostPosted: Mon Aug 29, 2016 3:18 pm    Post subject: Random Password (in string format) generation.
Reply with quote

Hello All,

I have got a requirement to "Generate Random Password using COBOL". Below are the conditions to be satisfied for generating the password.

a) A random password should be geneated everytime when the module is called and should be not be the same of any of previous calls.

b) The Password should be in combination of Alphanumeric( Both upper case and Lower case ) and symbols ( National characters).

c) Password length should be 10.

When researched online I could find that there's only Random generation for numeric formats.

It would be highly appreciated if someone enlighten for the possibilities in Alphanumeric formats.
Back to top
View user's profile Send private message

Bill Woodger

DFSORT Moderator


Joined: 09 Mar 2011
Posts: 7240

PostPosted: Mon Aug 29, 2016 4:11 pm    Post subject: Reply to: Random Password (in string format) generation.
Reply with quote

Forget about a). With a minimum of 52-to-the-power-of-10 possibilities for the password, you'd be extremely unlikely (one in 10-to-the-17+ for a single number) to get a repeat on a random generation, and you'd need about 10-to-the-10+ passwords generated before you get to a one-in-a-million chance of a repeat.

Count your allowable characters. Generate 10 random numbers within that range. Use a table to access the stored characters, once for each character of the password.

Confirm whether the random number should be "seeded" or not. Your Audit/Security people will know, if no-one else.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7914
Location: Bellevue, IA

PostPosted: Mon Aug 29, 2016 6:28 pm    Post subject:
Reply with quote

1. You need to understand "random" -- your point (a) completely contradicts the idea of randomness.

2. Computers do not generate mathematically random numbers -- what you get is a sequence of pseudorandom numbers. For IBM's Enterprise COBOL, from any given starting seed, you get over 2 billion values before they start repeating.

3. Read carefully the description of function RANDOM in the Enterprise COBOL Language Reference manual - it tells you several important things to know (such as the returned value is in the range of zero to one so you will have to scale it, and that you need to provide an initial seed value followed by no arguments; if you don't provide a seed the sequence will ALWAYS be the same).

4. How far back does the "requirement" for uniqueness go? If you are saying that there can never be a duplicate, then you might as well give up now as a pseudorandom sequence will repeat, sooner or later -- period. If not, you need to be clear about how many unique values are required before a duplicate could occur (a duplicate may not occur for a long time, but you still need to know how many unique values are required).

Oh, and terminology is critical in IT where similar terms may mean very different things. COBOL does not have "strings" as used in other languages -- that is, variables whose length varies at run time. COBOL allows, in very limited cases, variable length variables but unlike a Java string these variables are NOT required to be terminated with a \0 (or LOW-VALUE in COBOL terms).
Back to top
View user's profile Send private message
steve-myers

Active User


Joined: 30 Nov 2013
Posts: 461
Location: The Universe

PostPosted: Fri Sep 02, 2016 1:07 pm    Post subject:
Reply with quote

Robert Sample wrote:
... you get over 2 billion values before they start repeating. ...
Not necessarily. RANDOM returns a floating point value between 0 and 1. It is not stated in Enterprise COBOL for z/OS V4.2 Language Reference if the number is “normalized,” or “unnormalized,” or if it returns a 32 bit or 64 bit number. If it returns a 32 bit number, which seems most likely, it has a 1 bit sign, a 7 bit exponent, and a 24 bit value. Don't worry about this “normalized” or “unnormalized” business – that's just computer number geek talk, though the difference might affect scaling the number to the character set. What's important is 24 bits, which means 2^24 unique values. This is a large number, but it is much less than the 2 billion Mr. Sample innocently talked about.

The next issue is the character set. Lower case, upper case, numbers, and “national characters” is a fairly large set, but I think some characters should be excluded: 0 and 1 (the numbers), O (the upper case letter), o (the lower case character), I (the upper case character), and l (the lower case character) are my suggestions. It is all too easy to misread 0 and O, and l and 1. Heck, 55 years ago I learned to type on a typewriter where the typist was expected to use l, not 1!
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7914
Location: Bellevue, IA

PostPosted: Fri Sep 02, 2016 6:27 pm    Post subject:
Reply with quote

Quote:
If it returns a 32 bit number, which seems most likely, it has a 1 bit sign, a 7 bit exponent, and a 24 bit value. Don't worry about this “normalized” or “unnormalized” business – that's just computer number geek talk, though the difference might affect scaling the number to the character set. What's important is 24 bits, which means 2^24 unique values. This is a large number, but it is much less than the 2 billion Mr. Sample innocently talked about.
From ther Enterprise COBOL Language Reference version 6.1 manual:
Quote:
argument-1
If argument-1is specified, it must be zero or a positive integer. However, only values in the range from zero up to and including 2,147,483,645 yield
a distinct sequence of pseudorandom numbers.
If a subsequent reference specifies argument-1, a new sequence of pseudorandom numbers is started.
You can use over 2 billion starting seeds -- hence you can have over 2 billion random values.

And the 31 bits all matter -- unless you consider 1.234567 times 10 to the 30th power to be the same value as 1.234567 times 10 to the minus 63rd power. Yes, the mantissa's 24 bits will be the same but the exponent's 7 bits will give you a different value for the number.
Back to top
View user's profile Send private message
steve-myers

Active User


Joined: 30 Nov 2013
Posts: 461
Location: The Universe

PostPosted: Fri Sep 02, 2016 7:40 pm    Post subject:
Reply with quote

Unfortunately, I only have access to Enterprise COBOL for z/OS V4.2 Language Reference. The first sentence for RANDOM says,
Quote:
The RANDOM function returns a numeric value that is a pseudorandom number from a rectangular distribution.
It says nothing about how the 2^31 values in the integer sequence are mapped to the 2^24 values in the 32 bit floating point number. By definition, there will be repeats. If the 31 bits are not mapped properly, IBM's claim of a “rectanglar distribution” is pure horse s***. I can state with confidence that unless the floating point value is normalized the exponent will always be X'40'.

Since I don't do Cobol, I have no way to test anything, both to test claims about the distribution or to determine if the returned value is normalized.

Unfortunately, fine details about number theory are out of my league, so I better quit.
Back to top
View user's profile Send private message
RahulG31

Active User


Joined: 20 Dec 2014
Posts: 331
Location: USA

PostPosted: Fri Sep 02, 2016 9:47 pm    Post subject: Reply to: Random Password (in string format) generation.
Reply with quote

I don't want to disturb the high level talks but I like Mr. Woodger's idea.

I am also interested in knowing from TS that why the password is not allowed to be repeatable even after 1 million or billion values.

In general, if I can relate it to current web world, the user ids are unique and they are not allowed to have even a single duplicate. But I have never seen anywhere that there is any duplicate restriction on passwords.

Moreover, the system generated passwords have a limited lifespan and they are to be changed by the end user within certain period of time (say a month). So, a password which was generated a month ago should have been expired and we could reuse that value now.

In my views, it should not be an issue if the password is repeated (with a probability of 1 in a million or a billion).

.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7914
Location: Bellevue, IA

PostPosted: Sat Sep 03, 2016 12:54 am    Post subject:
Reply with quote

The Enterprise COBOL RANDOM intrinsic function is an interesting function. It returns COMP-1 or COMP-2 (short floating point or long floating point) values. The long floating point values are NOT the same as the short floating point values; sometimes there is a difference of several digits in the last place of the short floating point value, compared to the same number of digits of the long floating point.

Using a seed value of zero and short floating point values (32-bit), the sequence generated a duplicate in the 18,823,902nd value in the sequence, running on a 5.1.1 compiler. To generate a full non-repeating sequence appears to require a 64-bit (long floating point) variable to hold the result. This duplicate took 13.2 seconds of CPU and 1.4 minutes elapsed time to find. Using 18823902 as the seed value, the first duplicate occurred at call 44,221,983 to RANDOM; this took 32 seconds of CPU time and 3.1 minutes elapsed.
Back to top
View user's profile Send private message
Bill Woodger

DFSORT Moderator


Joined: 09 Mar 2011
Posts: 7240

PostPosted: Sat Sep 03, 2016 1:32 am    Post subject: Reply to: Random Password (in string format) generation.
Reply with quote

ARITH(EXTEND) generally affects precision of floating-point results from numeric intrinsic functions. I don't know if it affects RANDOM. Without EXTEND for other functions, there is only precision to 15 digits.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 7914
Location: Bellevue, IA

PostPosted: Sat Sep 03, 2016 1:45 am    Post subject:
Reply with quote

Yeah, I use ARITH(EXTEND) for most of my tests -- when I get a chance, I'll see about rerunning my tests without ARITH(EXTEND).
Back to top
View user's profile Send private message
Rohit Umarjikar

Senior Member


Joined: 21 Sep 2010
Posts: 1610
Location: NY,USA

PostPosted: Tue Sep 06, 2016 11:58 pm    Post subject:
Reply with quote

Quote:
When researched online I could find that there's only Random generation for numeric formats.
so it just a matter of clubbing other characters and special characters, right? So what and where is the problem? btw what is the Database that you use at your site? any sql will help you to get what you want with far less complications.
Quote:
random password should be geneated everytime when the module is called and should be not be the same of any of previous calls.

Then you got to save the password for that user somewhere as encrypted, if you wanted to be 100% assured.
Quote:
I am also interested in knowing from TS that why the password is not allowed to be repeatable even after 1 million or billion values.
The expected answer from TS would be 'That's the requirement/told by my lead/Business wants that way' icon_biggrin.gif
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> COBOL Programming All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
This topic is locked: you cannot edit posts or make replies. RANDOM Function in COBOL swapnil781 COBOL Programming 2 Tue Nov 15, 2016 6:17 pm
No new posts Match or compare two files in VB Format anatol DFSORT/ICETOOL 14 Thu Nov 03, 2016 7:41 pm
No new posts Low values Results from VARCHAR FORMAT balaji81_k DB2 10 Thu Oct 20, 2016 1:18 am
No new posts output data in CSV Format janmejay COBOL Programming 8 Sat Oct 15, 2016 2:20 pm
This topic is locked: you cannot edit posts or make replies. output data in CSV Format janmejay DFSORT/ICETOOL 3 Sat Oct 15, 2016 2:16 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us