-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

If it's good enough for a federal information standard, it's good enough for me.

Funny. I must have been reading up on this stuff even as you were writing your reply...

The author of the module you suggested, Crypt::GeneratePassword, wrote it in part because he felt the FIPS standard wasn't good enough. It isn't based on FIPS-181. If you believe him, the algorithm he uses is better than that in Crypt::RandPasswd (which is based on FIPS-181.)

In any case, A New Attack on Random Pronounceable Password Generators (external link, PDF) was a good read.

-sauoq
"My two cents aren't worth a dime.";

perl -le '$p .= ("a".."z","A".."Z",0..9)[rand 62] for (1..9 + rand 7);
+ print $p'
[download]

-sauoq
"My two cents aren't worth a dime.";

I would second merlyn's advice below, but apart from that, if using your "one-liner" sort of solution, I'd warn against including any of the characters "Il1" and "O0" when constructing a random password. These are too easily confused -- especially for the poor suckers looking at a sans-serif font -- and people will complain about not being able to login. (I wonder if the module that merlyn cited takes this into account?)

I'd warn against including any of the characters "Il1" and "O0" when constructing a random password.

I agree that this is good advice. And ++ for suggesting it. I just gave exactly what was asked for in the OP but I probably should have expounded a bit. Of course, he might be an intern coding to a spec he didn't write and can't change... ;-)

I would second merlyn's advice below . . . [snip] . . . I wonder if the module that merlyn cited takes this into account?

Please excuse my presumptuousness, but I just have to ask... Why would you second his advice to use a module if you don't know what the module does?

-sauoq
"My two cents aren't worth a dime.";

Sorry to blow my own horn, but if you want to control the "shape" of the passwords that are generated, you might try my randpass script (version 1.02, just uploaded, or older version 1.01). Examples:

% randpass
SujTvRwgJP

% randpass --phrase 2 --join '/' --count 3
sure/sperate
truff/nimbed
locale/vitamin

% randpass --phrase 5 --source english/k
kampong kuletuk kharif kimmer kickup

% randpass --chars :HEX --word-length 16
C10B0A9BEC754BF5

% randpass --chars 01 --word-length 8 --count 4
00001000
00100101
10011110
11100000
[download]

Nice, I like it, can I just embed it like that in a script?

And if you're feeling lucky... come and take me home And if you feel loved If you feel lucky, if you feel loved If you feel lucky, if you feel loved You've crossed the walls - Excelled Further along through their hell All for my heart, I watch you kill You always have, you always will Now spread your wings and sail out to me....

"...can I just embed it like that in a script?"

Umm ... no offense meant toward sauoq, but why embed that code in a script when you can use Crypt::GeneratePassword instead?

use Crypt::GeneratePassword qw(chars);

my $pwd = chars(9,16,["a".."z","A".."Z",0..9]);
[download]

IMHO, one-liners shouldn't be embedded in a script ... they are one-liners, not scripts. I am glad that sauoq posted that one-liner though ... you should study it and understand it. But when it comes to creating applications, you don't have to reinvent wheels like that.

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)

Mostly. You might want to declare $p with my() and use a better variable name. I'd be inclined to put it in a sub though:

sub generate_password {
    my @chars = ('a'..'z', 'A'..'Z', 0..9); 
    my $length = 9 + rand 7
    my $password = '';
    $password .= $chars[rand @chars] for 1 .. $length;
    return $password;  
}
[download]

-sauoq
"My two cents aren't worth a dime.";

@validi=qw/a b c d e f g  h i m n p q r s t u v z 1 2 3 4 5 6 7 8 9 1 
+2 3 4 5 6 7 8 9 * * * *  + + + +  - - - - A B C D E F G H L M N P Q R
+ S T U V Z/;
@validibis=qw/a . . . . . . , , , , , , : : : : : :  ; ; ; ; ; ; b c d
+ e f g  h i m n p q r s t u v z 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 *
+ * * *  + + + +  - - - - A B C D E F G H L M N P Q R S T U V Z/;

$quantibis=@validibis;
$quanti=@validi;

$ran=int(rand($quanti));
$pwd=$validi[$ran];

foreach(1,2,3,4,5)
{
 $rand=int(rand($quantibis));
 $pwd.=$validibis[$rand];
}

$ran=int(rand($quanti));
$pwd.=$validi[$ran];

print "La password per te creata è:\t$pwd";
[download]

I will certainly test it, nice spanish!!! I love that language :-)

And if you're feeling lucky... come and take me home And if you feel loved If you feel lucky, if you feel loved If you feel lucky, if you feel loved You've crossed the walls - Excelled Further along through their hell All for my heart, I watch you kill You always have, you always will Now spread your wings and sail out to me....