I just use this: $newpass = substr(md5(uniqid()),0,8);
It's not particularly secure, but it does the job and users are required to change their passwords as soon as they log in with a reset password. The point is it's more efficient than loops and character accesses.