Hi Christos,
yes I'm referring to those settings. Having a closer look at the code I can see why you are still sometimes getting non-alphanum characters in your Moodle-generated passwords.
The generate_password() function has to respect your minimum length setting, taking into account your other restrictions (min alpha, min digits, etc.). What happens if you specify a minimum length of 8 characters but you only impose a 1 digit minimum, 1 lower case letter minimum, etc? If you add up your minimum character-class settings, you only have 3 mandatory characters in the generated passwords. But you expect 8 characters at least. So Moodle needs to add 5 more characters (at least).
And here's the thing: we don't impose a "no more than X characters of this class" restriction anywhere. So when choosing those additional 5 characters, Moodle chooses from any of the existing characters classes, including the non-alphanumeric character class.
So either we implement the "no more than X characters of this class" restrictions, or you remove the problematic characters from the PASSWORD_NONALPHANUM constant.
Saludos.
Iñaki.