If it's good enough for a federal information standard, it's good enough for me.

Funny. I must have been reading up on this stuff even as you were writing your reply...

The author of the module you suggested, Crypt::GeneratePassword, wrote it in part because he felt the FIPS standard wasn't good enough. It isn't based on FIPS-181. If you believe him, the algorithm he uses is better than that in Crypt::RandPasswd (which is based on FIPS-181.)

In any case, A New Attack on Random Pronounceable Password Generators (external link, PDF) was a good read.

-sauoq
"My two cents aren't worth a dime.";