However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords.

This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.

A password generator can be part of a password manager.

One simple way to do this uses a 6 by 6 table of characters.

The first die roll selects a row in the table and the second a column.

An alternative random number generator, mt_rand, which is based on the Mersenne Twister pseudorandom number generator, is available in PHP, but it also has a 32-bit state.

There are proposals for adding strong random number generation to PHP.

So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the fractionation table below.

To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case.

The output of rand_s is cryptographically secure, according to Microsoft, and it does not use the seed loaded by the srand function.

However its programming interface differs from rand.

In situations where the attacker can obtain an encrypted version of the password, such testing can be performed rapidly enough so that a few million trial passwords can be checked in a matter of seconds. The size of that state determines the maximum number of different values it can produce: an n-bit state can produce at most different values.

On many systems rand has a 31 or 32 bit state, which is already a significant security limitation.

Note that simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.