Hi,

I took a quick look at how you're generating passwords (after getting a hinky feeling about the output), and you've made a bit of a mistake that generates bias.

The problem is that you're generating multiple character sets of different length, selecting one, then selecting a character from the set.

So, for example if you have these sets:

Uppercase (26 chars) Lowercase (26 chars) Numbers (10 chars) Super Special (3 chars) (I made this one up)

You'd have a 25% chance each of it being a Upper/Lower/Number/Special.

Now, here's where the bias comes in - the chances each character from a class has of being selected are:

Uppercase: 0.96% Lowercase: 0.96% Numbers: 2.5% Super Special: 8.3%

The easy fix would be to simply concatenate all character sets (ensuring no dupes), then randomly select each character from the full set.

Password-generation algorithm was fixed; bias is no more.