It's tough to generate good passwords. Users can't remember the hard ones, anyone can figure out the simple ones. We live in a world where two of the most common passwords are abc123 and password.

That why we have tools to generate passwords for us. Take, for instance, the following PHP, sent in by Dmitriy.


  function GenPswd($nlen, $usealpha, $usenumeric) {
  // Generate an alpha-numeric password to a specified length
  // Parameters:
  //   nlen - length of password to be returned as a string
  //   usealpha - Boolean argument that specifies whether to use
  //              alpha characters in the password. True - password
  //              will contain alpha characters except for ILOQZ
  //              which can be easily confused with numerics.
  //              False - password will only contain numeric digits.
  //   usenumeric - Boolean argument that specifies whether to use
  //                numeric digits in the password. True - password
  //                will contain numeric digits. False - password
  //                will only contain alpha characters. Ignored if
  //                usealpha is false, so if both are false,
  //                passwords will be numeric only.
  // Returned value: a password string
      $disallow = "ILOQZiloqz";
  // if no alpha, add all alpha characters to disallow
      $uczchar = ord("Z");
      $ucachar = ord("A");
      $lczchar = ord("z");
      $lcachar = ord("a");
      $n0char = ord("0");
      $n9char = ord("9");
      if (!$usealpha) {
          for ($n=$ucachar;$n<=$uczchar;$n++) {
              $disallow .= chr($n);
          for ($n=$lcachar;$n<=$lczchar;$n++) {
              $disallow .= chr($n);
      } else {
          if (!$usenumeric) {
              for ($n=0;$n<10;$n++) {
                  $disallow .= $n;
  // now randomly generate password to specified length
      $maxord = max($uczchar,$lczchar,$n9char);
      $minord = min($ucachar,$lcachar,$n0char);
      $pwd = "";
      while (strlen($pwd) < $nlen) {
          $n = rand($minord,$maxord);
          if ((($n >= $ucachar && $n <= $uczchar) ||
              ($n >= $lcachar && $n <= $lczchar) ||
              ($n >= $n0char && $n <= $n9char)) &&
              !strpos($disallow, chr($n))) {
              $pwd .= chr($n);
      return $pwd;


To keep from ruining the fun, it is left as an exercise to the reader to figure out what this code does generate. As far as I'm concerned, it has one redeeming quality: according to Dmitriy, it's never actually called anywhere.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!