Generate Passwords with openssl

Posted by Michilimackinac in OpenSSL

You can generate some good (high entropy) passwords using this method.


Write six random bits of base64-encoded data. This will produce an eight-character string, making a good unix (crypt-based) password:


$ openssl rand -base64 6
RcqcGq4h
$

This is an example used to generate a 16-character password:


$ openssl rand -base64 12
IEoOfT/LKimAf/sd
$

When random data goes through the base encoding process, the string output is always a multiple of four possibly padded on the end with one or more ‘=’ characters. So, if you want a password that is not a multiple of four, you need to artificially chop it where you want it.

Below is an example used to generate a 37-character password.

With Cut:


$ openssl rand -base64 37 | cut -c1-37
X/UhqF1I9qO57Uz8hPufpvbOLYCeuuvqnerUM
$

Or sed:


$ openssl rand -base64 37 | sed -e ‘s/^\(.\{37\}\).*/\1/g’
sAPpFoGnbXnJrQc8Cl/QqrNwn0QK3hHrgANt1
$

Or awk:


$ openssl rand -base64 37 | awk ‘BEGIN{FS=”"} {for (i=1;i<=37;i++) printf("%s",$i);} {printf "\n"}'
WhGWSCp8Y2uilxWfOfAyQXa4QqlE78uJeH3sn
$

 

About Michilimackinac


View more articles by Michilimackinac

The Conversation

Follow the reactions below and share your own thoughts.

One Response to “Generate Passwords with openssl”

  1. May 15, 2009 at 9:46 am, gnulinux said:

    Thats brilliant.

    keep up good work.

    Reply

Leave a Reply

You may also like-

Windows 8: Change Time before the User is Forced to Change PasswordsWindows 8: Change Time before the User is Forced to Change PasswordsRequiring the changing passwords regularly is a good security measure. If you are an administrator of a system, you will want to have the ... IE: Clear AutoComplete HistoryIE: Clear AutoComplete HistoryInternet Explorer will remember all your entries into forms if you let it. For example, IE will remember all your google search terms. This ...