Click here to Skip to main content
12,692,288 members (34,683 online)
Click here to Skip to main content
Add your own
alternative version


7 bookmarked

Generating "Random" Strings for PERL-based Cryptography

, 13 Jun 2003
Rate this:
Please Sign up or sign in to vote.
This article will detail a relatively simple method for generating a random alphanumeric string for using in the implementation of various cryptographic / security schema with PERL.

Password Generation

Perl is a powerful language in that it makes manipulation of nearly all types of data a breeze. What takes scores of lines with C++ or some other language like Java, can be accomplished with minimal effort in Perl. When performing cryptographic related work, this can be a valuable asset, especially when you need to generate information quickly. Let's say for example that you need to quickly generate a random password to secure your site...You could use code like this to make it happen...

sub generate_random_password 
    my $passwordsize = shift;
    my @alphanumeric = ('a'..'z', 'A'..'Z', 0..9);
    my $randpassword = join '', 
           map $alphanumeric[rand @alphanumeric], 0..$passwordsize;

    return $randpassword;

The code is called in this manner:

$returnvalue = generate_random_password(64);


$returnvalue = &generate_random_password(64);

These are the two contexts in which an unpackaged function may be called in Perl, any other method will throw an error and make your program act like it got hold of some bad LSD....anyhow... What code does is accept $passwordsize as a length argument and returns a string of the specified length using interpolation between 0 and the length passed to the function. You can also use it to generate pad files for OTP encryption. Simply pass it a password size that is symmetric to the size of the data you are encrypting and dump the contents into a file. That simple. This function is small but useful, hence I'm posting it here. Check it out, and I hope you'll find use for it.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

John Aldrich
Web Developer
United States United States
My name is John Aldrich. I have pursued programming as a hobby for the past 6 years and currently have experience in Perl (basic / intermediate), HTML (advanced), and I have recently begun to learn C/C++. I also have a profound interest in all things graphics related and and constantly working to improve my knowledge in all areas of computing. I run a home based web software company named Professional Design Resources. If you are interested in any custom programming or would be interested in collaberating on a joint project, please feel free to contact me via email, where I'll be happy to discuss such things. Serious projects only please.

You may also be interested in...

Comments and Discussions

GeneralInteresting Pin
jc_cpu25-May-06 17:13
memberjc_cpu25-May-06 17:13 
General'yall wrong Pin
Anonymous9-Sep-04 18:33
sussAnonymous9-Sep-04 18:33 
GeneralGood Pin
Anonymous6-Jun-04 4:32
sussAnonymous6-Jun-04 4:32 
GeneralSample script is WRONG Pin
Kelly Setzer15-Apr-03 13:10
memberKelly Setzer15-Apr-03 13:10 
GeneralRe: Sample script is WRONG Pin
John Aldrich13-Jun-03 19:31
memberJohn Aldrich13-Jun-03 19:31 
GeneralRe: Sample script is WRONG Pin
Blake Coverett13-Jun-03 21:11
memberBlake Coverett13-Jun-03 21:11 
GeneralRe: Sample script is WRONG Pin
John Aldrich14-Jun-03 8:18
memberJohn Aldrich14-Jun-03 8:18 
GeneralRe: Sample script is WRONG Pin
Blake Coverett14-Jun-03 14:45
memberBlake Coverett14-Jun-03 14:45 
GeneralRe: Sample script is WRONG Pin
John Aldrich14-Jun-03 18:10
memberJohn Aldrich14-Jun-03 18:10 
GeneralRe: Sample script is WRONG Pin
Anonymous9-Nov-04 12:43
sussAnonymous9-Nov-04 12:43 
GeneralRe: Sample script is WRONG Pin
Christoph Zurnieden11-Aug-06 15:56
memberChristoph Zurnieden11-Aug-06 15:56 
It should be mentioned that this snippet is not fit for the purpose of generating secure passwords. The chance for a well mixed password (with upper case, lower case and numbers) is very high but far away from 1, so the chance of getting a string of similar characters (e.g. "aaaaaaaa") is above 0. There is even a chance to get a word from a language.
Note: a simple filter checking for a good mix of the characters in the string is not sufficient: a loop like (pseudocode)

password = generatePassword();

may not halt. That depends on the implementation of the pseudo random number generator (PRNG) of course. If the PRNG is a truely random generator (TRNG, radioactive decay or the tunneling of photons through a semipermeable (50:50) mirror. Thermic noise is not truely random btw) the output has an infinite sequence, which means that there are an infinite number of strings (finite subsequences of the TRNG sequence) not fit for a password and together with the existance of an infinite number of sequences of infinite length of the RNG producing unfit passwords it is almost sure that the algorithm described above does not halt an infinite number of times.
If the sequence of the PRNG is to short and/or a bad algorithm (e.g. a linear congruencial generator (LCG)) the set of distinct passwords is very small and it is possible, especially with such bad algorithms like the LCG mentioned above, to determine the next password and therefore the whole set of passwords.

No, generating secure passwords is hard and can't be done in three simple(!) lines of Perl.


General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170118.1 | Last Updated 14 Jun 2003
Article Copyright 2003 by John Aldrich
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid