Re: Re: Re: Creating random passwords?

I'd warn against including any of the characters "Il1" and "O0" when constructing a random password.

I agree that this is good advice. And ++ for suggesting it. I just gave exactly what was asked for in the OP but I probably should have expounded a bit. Of course, he might be an intern coding to a spec he didn't write and can't change... ;-)

I would second merlyn's advice below . . . [snip] . . . I wonder if the module that merlyn cited takes this into account?

Please excuse my presumptuousness, but I just have to ask... Why would you second his advice to use a module if you don't know what the module does?

-sauoq
"My two cents aren't worth a dime.";

Comment on Re: Re: Re: Creating random passwords?

Replies are listed 'Best First'.
Re: Re: Re: Re: Creating random passwords? by graff (Chancellor) on Jul 04, 2003 at 05:48 UTC
Why would you second his advice... Well, it's true, (mea culpa!!) I haven't used Crypt::GeneratePassword myself, but I did look at the docs, and I was impressed by the description -- it purports to create quasi-pronounceable passwords, and accepts parameters to control the amount of "wierdness" you want to include in a pronounceable string (how much mixed case, how many digits or other non-letter characters, etc). Pronounceable is likely to be "better" in general, other things being equal, but it also gives the option of creating your basic random string. Of course, the one-liner approach is attractive -- and I wouldn't deny its usefulness -- because it can be documented in one line (many would say it needs no documentation), rather than the dozen paragraphs that must be studied to use Crypt::GeneratePassword to best effect. (Having looked more closely just now, it appears that you can control which characters to use, in a couple different ways.) Anyway, all that aside, I do read a lot of merlyn's stuff, and I have developed a habit of trusting his advice. (I know, one does need to be careful about that sort of habit.)	[reply]

Replies are listed 'Best First'.

Re: Re: Re: Re: Creating random passwords?
by graff (Chancellor) on Jul 04, 2003 at 05:48 UTC

Why would you second his advice...

Well, it's true, (mea culpa!!) I haven't used Crypt::GeneratePassword myself, but I did look at the docs, and I was impressed by the description -- it purports to create quasi-pronounceable passwords, and accepts parameters to control the amount of "wierdness" you want to include in a pronounceable string (how much mixed case, how many digits or other non-letter characters, etc). Pronounceable is likely to be "better" in general, other things being equal, but it also gives the option of creating your basic random string.

Of course, the one-liner approach is attractive -- and I wouldn't deny its usefulness -- because it can be documented in one line (many would say it needs no documentation), rather than the dozen paragraphs that must be studied to use Crypt::GeneratePassword to best effect. (Having looked more closely just now, it appears that you can control which characters to use, in a couple different ways.)

Anyway, all that aside, I do read a lot of merlyn's stuff, and I have developed a habit of trusting his advice. (I know, one does need to be careful about that sort of habit.)

[reply]