Generate Passwords with openssl

Posted March 12, 2006 by Michilimackinac in OpenSSL

You can generate some good (high entropy) passwords using this method.

Write six random bits of base64-encoded data. This will produce an eight-character string, making a good unix (crypt-based) password:

$ openssl rand -base64 6

This is an example used to generate a 16-character password:

$ openssl rand -base64 12

When random data goes through the base encoding process, the string output is always a multiple of four possibly padded on the end with one or more ‘=’ characters. So, if you want a password that is not a multiple of four, you need to artificially chop it where you want it.

Below is an example used to generate a 37-character password.

With Cut:

$ openssl rand -base64 37 | cut -c1-37

Or sed:

$ openssl rand -base64 37 | sed -e ‘s/^\(.\{37\}\).*/\1/g’

Or awk:

$ openssl rand -base64 37 | awk ‘BEGIN{FS=””} {for (i=1;i<=37;i++) printf("%s",$i);} {printf "\n"}'

The Conversation

Follow the reactions below and share your own thoughts.

  • gnulinux

    Thats brilliant.

    keep up good work.

  • +fran├žois

    This is the kind of snippet that make me love linux!
    I was looking to generate random passwords in my text editor and now a simple CTRL + p does it for me

    ( with gedit: Tools-> ExternalTools)