This is a slightly simpler solution than my similar code sample above. It's a good solution for shorter password lengths, but will become significantly slower as password length increases because you throw out the entire string each time it is invalid.

You are right, but at 15 characters it takes .02s on my hardware. I did notice that randomregex() will emit consecutive duplicates rather frequently - I didn't check to see if a new instance of String::Random in each iteration would reduce that at all (or enough to make a difference in execution time).

For what I'm doing, speed isn't much of an issue. However, a friend of mine is using it on a project that he's working on, so it could cause a problem there. Although, the script has been tested up to a 500 character password, so I'm trying to eliminate any restrictions which could occur with abnormally large passwords. (Not that I'd expect anyone to have the need for a 500 character password.)

I don't expect that another instance should change behavior. Looking at the internals of String::Random, perl's built-in rand is what is used for randomness.

From perldoc:

rand() is not cryptographically secure. You should not rely on it in security-sensitive situations. As of this writing, a number of third-party CPAN modules offer random number generators intended by their authors to be cryptographically secure, including: Math::Random::Secure, Math::Random::MT::Perl, and Math::TrulyRandom.

This is maybe something the OP should take note of.