DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Snippets has posted 5883 posts at DZone. View Full User Profile

Generate A Random Password

  • submit to reddit
        I recently had need to generate random passwords for users.  Obviously they need to be alphanumerica.  Here's what I came up with.

def newpass( len )
    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
    newpass = ""
    1.upto(len) { |i| newpass << chars[rand(chars.size-1)] }
    return newpass

It generates a random password using the upper and lower case alphabet, and the numbers 0 to 9, to the size passed in.

No effort is made to make an easy to read password.  For example, 0 (zero) _will_ show up next to O (capital o).  Yay.


Carla Brian replied on Sun, 2012/07/15 - 6:34pm

We have made the same program when I was a college. It was really cool to finish a program like this. This could really be a good source to the students out there. - Mercy Ministries

Phil Thompson replied on Wed, 2010/05/05 - 6:22pm

small bug in disgustingangel's solution should be Having a default value for len would be nice too.

Snippets Manager replied on Sat, 2008/07/05 - 1:18am

No reason to declare the characters every time the method is called. ALLOWED_CHARACTERS = ("A".."Z").to_a + ("a".."z").to_a + ("0".."9").to_a def random_string(length) { ALLOWED_CHARACTERS.rand }.join end

Snippets Manager replied on Tue, 2009/01/06 - 8:48am

I've wrote an article about generate random password before user has been saved Please take a look:

Snippets Manager replied on Sat, 2009/01/24 - 11:55pm

The code at the top of the page has a bug in it -- rand(chars.size-1) should be rand(chars.size) since the code at the top of the page will never include a '9' in the generated password. You can test this yourself by changing chars to just be chars = ("7".."9").to_a, and then calling newpass(20)... you'll notice that '9' never shows up. The code should be: def newpass( len ) chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a newpass = "" 1.upto(len) { |i| newpass << chars[rand(chars.size)] } return newpass end Also, sprsquish's solution isn't that great (despite it being fast) since it will only include characters "a" through "f" and "0" through "9" since it the unpack('H*') just generates hex numbers and pulls the apart (you can check the PickAxe, page 624 to see this). disgustingangel's solution is good (better than peter's, which is slightly less efficient since peter's generates an array and then rewrites it, whereas disgustingangel's solution inserts the values right away instead of re-writing them later like peter's) ---Note: this is my first comment ever on DZone snippets... I felt like giving back since I benefited greatly from this page's code and given that I took the time to check them, I thought that I'd provide some feedback. Again, thank you to everyone on this page that made comments.

Jeff Smick replied on Thu, 2006/04/13 - 8:05pm

I found this one somewhere (sorry I can't remember where). def rand_str(len) { rand(256) }.pack('C*').unpack('H*').first end It's very fast

Snippets Manager replied on Sun, 2007/04/01 - 5:25pm

Maybe def newpass(len) chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a return{||chars[rand(chars.size)]}.join end could be more readable?

Snippets Manager replied on Mon, 2012/05/07 - 2:13pm

Here's what I'm using nowadays: chars = ("a".."z").to_a + ("1".."9").to_a newpass =, '').collect{chars[rand(chars.size)]}.join

Snippets Manager replied on Sun, 2006/05/28 - 1:58am

This method doesn't need to be buried though, it can instead be used to generate random keys for databases, cookies and the like. I have a method that does exactly the same thing but written completely differently here: I have to say your one is prettier. I might just steal it ;)

Snippets Manager replied on Mon, 2012/05/07 - 2:13pm

Heh. I should have figured somebody had written and released something like that. Oh well. I learnt something anyways.

Snippets Manager replied on Mon, 2012/05/07 - 2:13pm

You could also use ruby-password to generate. It does 'memorable' passwords too:

Snippets Manager replied on Mon, 2012/05/07 - 2:13pm

Eh. There's no reason not to, I suppose, but I was _really_ lazy. You understand. If I was really motivated I'd strip out all the look-alikes (1 and I) before generating the password. Wouldn't be hard.

Snippets Manager replied on Mon, 2012/05/07 - 2:13pm

In that case why not just allow a-z and 1-9. That way 0 isn't involved, and it's easier to read as there are only little letters and numbers.