Punctuation is not included in generated passwords by default. Technically,
this is slightly less secure for a given password length, but it prevents
syntax-related bugs when a generated password is stored in a (properly-secured)
text-based configuration file.
In bytes of randomness, not length of token.
Must be a multiple of 4. Although, due to usage of base64, using a multiple
of 12 prevents a padding tilde from existing at the end of every token.