What is Coldfusion 10 random number generation best practice?

Question

Do you still need to use Randomize if you are using RandRange with an algorithm? For example:

  RandRange(1, 37, "SHA1PRNG")  

Adobe's documentation says:

SHA1PRNG: generates a number using the Sun Java SHA1PRNG algorithm. This algorithm provides greater randomness than the default algorithm.

It would be nice if there was one function which provided the most randomized sequence possible. The example given by Adobe uses both Randomize and RandRange.

Any clarification would be welcome.

Additional info:

In this context I am choosing random characters from a list of about 40 to allocate a password of 7 characters. I'd like to avoid duplicates although there are also separate (though not necessarily unique) usernames. Nothing financial or confidential is at stake - just need to identify users of an educational website.

Answer 1

For non-repeating, you gotta reduce the randRange's range and select from a list of unused characters.

Sure, use RandRange with SHA1PRNG and don't worry about it.

You don't really need randomize. It's only used for seeding the random functions when you want predictable random sequence for debugging purposes.

An alternative solution would be shuffling a collection of character using java.util.Collections's shuffle(), then use left() to get the desired length of non-repeating characters. See: http://www.bennadel.com/blog/2284-Using-java-util-Collections-To-Shuffle-A-ColdFusion-Query-Column-Corrupts-Column-Values.htm