in reply to Creating random passwords?

perl -le '$p .= ("a".."z","A".."Z",0..9)[rand 62] for (1..9 + rand 7); print $p'
-sauoq
"My two cents aren't worth a dime.";

Re: Re: Creating random passwords?
by graff (Chancellor) on Jul 04, 2003 at 04:19 UTC
    I would second merlyn's advice below, but apart from that, if using your "one-liner" sort of solution, I'd warn against including any of the characters "Il1" and "O0" when constructing a random password. These are too easily confused -- especially for the poor suckers looking at a sans-serif font -- and people will complain about not being able to login. (I wonder if the module that merlyn cited takes this into account?)
      I'd warn against including any of the characters "Il1" and "O0" when constructing a random password.

      I agree that this is good advice. And ++ for suggesting it. I just gave exactly what was asked for in the OP but I probably should have expounded a bit. Of course, he might be an intern coding to a spec he didn't write and can't change... ;-)

      I would second merlyn's advice below . . . [snip] . . . I wonder if the module that merlyn cited takes this into account?

      Please excuse my presumptuousness, but I just have to ask... Why would you second his advice to use a module if you don't know what the module does?

      -sauoq
      "My two cents aren't worth a dime.";
      
        Why would you second his advice...

        Well, it's true, (mea culpa!!) I haven't used Crypt::GeneratePassword myself, but I did look at the docs, and I was impressed by the description -- it purports to create quasi-pronounceable passwords, and accepts parameters to control the amount of "weirdness" you want to include in a pronounceable string (how much mixed case, how many digits or other non-letter characters, etc). Pronounceable is likely to be "better" in general, other things being equal, but it also gives the option of creating your basic random string.

        Of course, the one-liner approach is attractive -- and I wouldn't deny its usefulness -- because it can be documented in one line (many would say it needs no documentation), rather than the dozen paragraphs that must be studied to use Crypt::GeneratePassword to best effect. (Having looked more closely just now, it appears that you can control which characters to use, in a couple different ways.)

        Anyway, all that aside, I do read a lot of merlyn's stuff, and I have developed a habit of trusting his advice. (I know, one does need to be careful about that sort of habit.)

      Sorry to blow my own horn, but if you want to control the "shape" of the passwords that are generated, you might try my randpass script (version 1.02, just uploaded, or older version 1.01). Examples:
      % randpass
      SujTvRwgJP
      % randpass --phrase 2 --join '/' --count 3
      sure/sperate truff/nimbed locale/vitamin
      % randpass --phrase 5 --source english/k
      kampong kuletuk kharif kimmer kickup
      % randpass --chars :HEX --word-length 16
      C10B0A9BEC754BF5
      % randpass --chars 01 --word-length 8 --count 4
      00001000 00100101 10011110 11100000
Re: Re: Creating random passwords?
by stonecolddevin (Parson) on Jul 04, 2003 at 02:41 UTC
    Nice, I like it, can I just embed it like that in a script?

    And if you're feeling lucky... come and take me home And if you feel loved If you feel lucky, if you feel loved If you feel lucky, if you feel loved You've crossed the walls - Excelled Further along through their hell All for my heart, I watch you kill You always have, you always will Now spread your wings and sail out to me....
      "...can I just embed it like that in a script?"

      Umm ... no offense meant toward sauoq, but why embed that code in a script when you can use Crypt::GeneratePassword instead?

      use Crypt::GeneratePassword qw(chars);
      my $pwd = chars(9,16,["a".."z","A".."Z",0..9]);

      IMHO, one-liners shouldn't be embedded in a script ... they are one-liners, not scripts. I am glad that sauoq posted that one-liner though ... you should study it and understand it. But when it comes to creating applications, you don't have to reinvent wheels like that.

      jeffa

      L-LL-L--L-LL-L--L-LL-L--
      -R--R-RR-R--R-RR-R--R-RR
      B--B--B--B--B--B--B--B--
      H---H---H---H---H---H---
      (the triplet paradiddle with high-hat)
      
        Umm ... no offense meant toward sauoq,

        Why would I take any offense?

        but why embed that code in a script when you can use Crypt::GeneratePassword instead?

        This is an old discussion. There are many reasons why one might choose to use a short piece of code instead of a module. And vice versa. In fact, many of them overlap. It's all a question of your priorities for the project at hand. Things to consider include maintainability, verifiability, deployability, development efficiency, run time efficiency, and compatibility among others. Even corporate culture can play a role.

        But when it comes to creating applications, you don't have to reinvent wheels like that.

        You're right, you don't. And CPAN is one of the most wonderful things about Perl. On the other hand, sometimes a custom built wheel fits better than a generic one. Fortunately, Perl gives us the tools to build those too. As for which is best, well, the only answer is: "it depends."

        Lucky for us, Perl so often gives us the choice. :-)

        -sauoq
        "My two cents aren't worth a dime.";
        

      Mostly. You might want to declare $p with my() and use a better variable name. I'd be inclined to put it in a sub though:

      sub generate_password {
          my @chars    = ('a'..'z', 'A'..'Z', 0..9);
          my $length   = 9 + rand 7;   # 9 to 15 characters once the range truncates it
          my $password = '';
          $password .= $chars[rand @chars] for 1 .. $length;
          return $password;
      }

      -sauoq
      "My two cents aren't worth a dime.";
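
An added example, not code from any post in this thread: the generate_password sub above, extended with graff's advice to leave out "Il1" and "O0", and reading its randomness from /dev/urandom because perldoc documents rand as not cryptographically secure. It assumes a Unix-like system; random_indexes and the optional $min/$max arguments are names made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Alphabet from the thread's one-liner, minus the look-alike characters
# graff names ("Il1" and "O0"): 62 - 5 = 57 characters.
my @CHARS = grep { !/[Il1O0]/ } ('a'..'z', 'A'..'Z', 0..9);

# Hypothetical helper: return $count uniformly distributed indexes in
# 0 .. $n-1 (for $n <= 256), read from the kernel's random source
# instead of Perl's rand().
sub random_indexes {
    my ($n, $count) = @_;
    die "alphabet must hold 1..256 characters\n" if $n < 1 || $n > 256;
    my $limit = 256 - (256 % $n);    # bytes >= $limit would bias the result
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!\n";
    my @idx;
    while (@idx < $count) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom\n" unless $got;
        my $v = ord $byte;
        push @idx, $v % $n if $v < $limit;    # rejection sampling
    }
    close $fh;
    return @idx;
}

# Same shape as the thread's sub: 9 to 15 characters by default.
sub generate_password {
    my ($min, $max) = @_;
    $min = 9  unless defined $min;
    $max = 15 unless defined $max;
    my ($extra) = random_indexes($max - $min + 1, 1);
    return join '', @CHARS[ random_indexes(scalar @CHARS, $min + $extra) ];
}

print generate_password(), "\n";
```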