
Try a random number n between 0 and 35; if it is over 25 use n%26 and use that as a digit; if less than 26 use n+1 where a=1, b=2, etc. You can add 0x41 to it and cast to a char.

Another idea is to create an array of values you want to include in the password. Randomly generate a valid array index, then pull that value from the array. See this page for an example.

If you want to ensure that at least one number and one letter are included, there are a couple of things you can do:

1) Simply check the generated string using a regex. If it does not include at least one number and one letter, reject it and generate a new one. A bit brute force, but it works, and given today's CPU power, it doesn't cost too much to potentially throw a few "bad" values away until a valid one is generated. So you could still use the RandPass API you found, or use any of the above ideas.

2) Create two arrays. One that is all letters and one that is letters, numbers and any allowable special characters. Generate two random numbers that are less than the size of the desired String (say 10) you want to generate. Make sure the two numbers are not the same. If so, keep regenerating the second one until it's different. These will become index values for a CharSequence or char array that will become the final string (say we generated 8 & 3). For the first index number (8), generate a random number from 0-9 (you may want to leave out 0 since it can be confused with the letter O). Use that number (say 5) in the first random index (so index 8 in this case). Then generate a number that is in the index range of your letter-only array (or use Campbell's char conversion idea if using the ASCII range of A-Z). The advantage of the array is you can leave out the letter 'O', which might be confused with the number 0. That letter (say R) becomes the value of the second index (3 in our example). So at this point we have ___R____5_. At this point we have met our requirement of one number and one letter, but they are not always in the same place in our String (thus weakening our password). Fill in the remaining blanks by generating a random number within the index range of the array that contains letters, numbers, and special characters. Use the character at that index in the array. Repeat for all remaining blanks in your desired password. This technique can be used if you have a requirement for any combination of things... at least one upper and one lower case, at least one number, at least one special character... etc.

I hope that helps. [ August 25, 2008: Message edited by: Mark Vedder ]
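The two-array technique from option 2 above, as an added example that is not part of the original post. The class name, the method names and the special-character set are hypothetical, and drawing from `java.security.SecureRandom` is an assumption of this sketch, since the post does not name a random source.

```java
import java.security.SecureRandom;

public class PasswordSketch {
    // Alphabets constructed for this example; 'O' and '0' are left out as the post suggests.
    private static final String LETTERS =
            "ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    private static final String DIGITS = "123456789";
    // Letters, digits and an assumed set of allowable special characters.
    private static final String ALL = LETTERS + DIGITS + "!#$%&*+-=?@";

    // Assumption: a CSPRNG, because the output is a credential.
    private static final SecureRandom RNG = new SecureRandom();

    static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    static String generate(int length) {
        if (length < 2) {
            throw new IllegalArgumentException("need room for one letter and one digit");
        }
        char[] out = new char[length];
        // Two distinct random positions: one reserved for a digit, one for a letter.
        int digitPos = RNG.nextInt(length);
        int letterPos;
        do {
            letterPos = RNG.nextInt(length);
        } while (letterPos == digitPos);

        for (int i = 0; i < length; i++) {
            if (i == digitPos) {
                out[i] = pick(DIGITS);
            } else if (i == letterPos) {
                out[i] = pick(LETTERS);
            } else {
                out[i] = pick(ALL); // remaining blanks come from the full array
            }
        }
        return new String(out);
    }

    public static void main(String[] args) {
        for (int i = 0; i < 5; i++) {
            String p = generate(10);
            // The regex check from option 1, used here only to confirm the guarantee.
            boolean ok = p.matches(".*[0-9].*") && p.matches(".*[A-Za-z].*");
            System.out.println(p + "  letter+digit: " + ok);
        }
    }
}
```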

[DOM]: Hmm, I thought "random unique" was possibly an oxymoron.

Nope. There are many kinds of random distributions - an even, unchanging distribution over a finite range may be the simplest thing to imagine, but it's not the only possibility. And it's not hard to generate random unique numbers, if you can persist a list (set, really) of already-used values in a DB somewhere. Though there will be problems if you exhaust the range of possible numbers. E.g. if you limit yourself to positive three-digit numbers, you can only call the method a thousand times before unique results become impossible. Similar limitations exist for any finite range you might choose - it's just a question of scale.