in reply to Re: Creating random passwords?
in thread Creating random passwords?

I would second merlyn's advice below, but apart from that, if using your "one-liner" sort of solution, I'd warn against including any of the characters "Il1" and "O0" when constructing a random password. These are too easily confused -- especially for the poor suckers looking at a sans-serif font -- and people will complain about not being able to login. (I wonder if the module that merlyn cited takes this into account?)

Replies are listed 'Best First'.
Re: Re: Re: Creating random passwords?
by sauoq (Abbot) on Jul 04, 2003 at 05:03 UTC
    I'd warn against including any of the characters "Il1" and "O0" when constructing a random password.

    I agree that this is good advice. And ++ for suggesting it. I just gave exactly what was asked for in the OP but I probably should have expounded a bit. Of course, he might be an intern coding to a spec he didn't write and can't change... ;-)

    I would second merlyn's advice below . . . [snip] . . . I wonder if the module that merlyn cited takes this into account?

    Please excuse my presumptuousness, but I just have to ask... Why would you second his advice to use a module if you don't know what the module does?

    -sauoq
"My two cents aren't worth a dime.";
[reply]
      Why would you second his advice...

      Well, it's true, (mea culpa!!) I haven't used Crypt::GeneratePassword myself, but I did look at the docs, and I was impressed by the description -- it purports to create quasi-pronounceable passwords, and accepts parameters to control the amount of "wierdness" you want to include in a pronounceable string (how much mixed case, how many digits or other non-letter characters, etc). Pronounceable is likely to be "better" in general, other things being equal, but it also gives the option of creating your basic random string.

      Of course, the one-liner approach is attractive -- and I wouldn't deny its usefulness -- because it can be documented in one line (many would say it needs no documentation), rather than the dozen paragraphs that must be studied to use Crypt::GeneratePassword to best effect. (Having looked more closely just now, it appears that you can control which characters to use, in a couple different ways.)

      Anyway, all that aside, I do read a lot of merlyn's stuff, and I have developed a habit of trusting his advice. (I know, one does need to be careful about that sort of habit.)

[reply]
Re: Creating random passwords?
by nkuitse (Sexton) on Jul 05, 2003 at 02:14 UTC
    Sorry to blow my own horn, but if you want to control the "shape" of the passwords that are generated, you might try my randpass script (version 1.02, just uploaded, or older version 1.01). Examples: 
    % randpass
SujTvRwgJP

% randpass --phrase 2 --join '/' --count 3
sure/sperate
truff/nimbed
locale/vitamin

% randpass --phrase 5 --source english/k
kampong kuletuk kharif kimmer kickup

% randpass --chars :HEX --word-length 16
C10B0A9BEC754BF5

% randpass --chars 01 --word-length 8 --count 4
00001000
00100101
10011110
11100000

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom