in reply to Re: Alpha/Numeric random generating
in thread Alpha/Numeric random generating

If you will be generating completely random passwords like this you may want to remove "lI10O" from the PWCHARS as they tend to look alike when printed on screen depending on the font. =)

-Waswas

Re: Re: Re: Alpha/Numeric random generating
by FamousLongAgo (Friar) on Nov 08, 2002 at 22:38 UTC
    Along these lines, adding some non-alphanumeric characters to the list will also make the passwords much more secure.

    And for the ultimate in security, throw in some extended Unicode ;-)
      Along these lines, adding some non-alphanumeric characters to the list will also make the passwords much more secure.

      Actually, it won't. The seed space for most rand() implementations is only 32 bits. An 8-character lower-case password has a maximum of log(26)/log(2)*8 == 37.6 bits of entropy. That means it's already much easier to brute-force the pseudorandom number generator than to brute force the password directly. Adding upper case, numeric, and non-alphanumeric characters doesn't change this.

      In order to get enough randomness, you need to use something like Crypt::Random.

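      use Crypt::Random "makerandom_itv";

      # Printable ASCII characters "!" through "~"
      @chars = map chr, ord("!")..ord("~");
      # Upper is an exclusive limit, so the index stays inside @chars
      $pass .= $chars[ makerandom_itv(Lower=>0, Upper=>scalar(@chars)) ] for 1..8;
      print $pass, "\n";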

      String::Random is nice, but it uses weak random number generation.
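
The entropy comparison made in the thread, together with a generator that draws from the kernel's random device instead of rand(), as an added example that is not code from any poster. It assumes a Unix-like system with /dev/urandom; the function names are hypothetical, and the look-alike characters "lI10O" from the first post are excluded.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Printable ASCII "!".."~", minus the look-alike characters named in the thread.
my %lookalike = map { $_ => 1 } split //, 'lI10O';
my @chars = grep { !$lookalike{$_} } map { chr } ord('!') .. ord('~');

# Entropy in bits of a uniformly random password: log2(alphabet size) * length.
sub password_bits {
    my ($alphabet_size, $length) = @_;
    return $length * log($alphabet_size) / log(2);
}

# A generator seeded with N bits can emit at most 2**N distinct passwords,
# so the effective entropy is capped by the seed size.
sub effective_bits {
    my ($alphabet_size, $length, $seed_bits) = @_;
    my $bits = password_bits($alphabet_size, $length);
    return $bits < $seed_bits ? $bits : $seed_bits;
}

# Draw uniformly from 0..$n-1 using kernel randomness. Bytes at or above the
# largest multiple of $n that fits in 256 are rejected to avoid modulo bias.
sub secure_index {
    my ($fh, $n) = @_;
    die "alphabet must have 1..256 entries\n" if $n < 1 || $n > 256;
    my $limit = 256 - (256 % $n);
    while (1) {
        my $got = read($fh, my $byte, 1);
        die "short read from random device\n" unless $got;
        my $v = ord $byte;
        return $v % $n if $v < $limit;
    }
}

sub secure_password {
    my ($length) = @_;
    # Assumption: /dev/urandom exists (Unix-like systems).
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!\n";
    my $pass = join '', map { $chars[ secure_index($fh, scalar @chars) ] } 1 .. $length;
    close $fh;
    return $pass;
}

printf "lower-case, 8 chars:   %.1f bits\n", password_bits(26, 8);
printf "%d-char set, 8 chars:  %.1f bits\n", scalar @chars, password_bits(scalar @chars, 8);
printf "same set, 32-bit seed: %.1f bits\n", effective_bits(scalar @chars, 8, 32);
print  "from /dev/urandom:     ", secure_password(8), "\n";
```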