Generate Passwords with openssl

Posted March 12, 2006 by Michilimackinac in OpenSSL

You can generate some good (high entropy) passwords using this method.

Write six random bits of base64-encoded data. This will produce an eight-character string, making a good unix (crypt-based) password:

$ openssl rand -base64 6

This is an example used to generate a 16-character password:

$ openssl rand -base64 12

When random data goes through the base encoding process, the string output is always a multiple of four possibly padded on the end with one or more ‘=’ characters. So, if you want a password that is not a multiple of four, you need to artificially chop it where you want it.

Below is an example used to generate a 37-character password.

With Cut:

$ openssl rand -base64 37 | cut -c1-37

Or sed:

$ openssl rand -base64 37 | sed -e ‘s/^\(.\{37\}\).*/\1/g’

Or awk:

$ openssl rand -base64 37 | awk ‘BEGIN{FS=””} {for (i=1;i<=37;i++) printf("%s",$i);} {printf "\n"}' WhGWSCp8Y2uilxWfOfAyQXa4QqlE78uJeH3sn $

The Conversation

Follow the reactions below and share your own thoughts.