Generate passwords with openssl

Contributor Icon Contributed by Michilimackinac Date Icon March 12, 2006  
Tag Icon Tagged: OpenSSL

You can generate some good (high entropy) passwords using this method.


write 6 random bits of base64-encoded data. This will produce an eight character string making a good unix (crypt based) password:


$ openssl rand -base64 6
RcqcGq4h
$

This is an example used to generate a 16 character password


$ openssl rand -base64 12
IEoOfT/LKimAf/sd
$

When random data goes through the base encoding process the string output is always a multiple of 4 possibly padded on the end with one or more ‘=’ characters. So if you want a password that is not a multiple of 4 you need to artifically chop it where you want it.

An example used to generate a 37 character password:

with cut:


$ openssl rand -base64 37 | cut -c1-37
X/UhqF1I9qO57Uz8hPufpvbOLYCeuuvqnerUM
$

or sed:


$ openssl rand -base64 37 | sed -e ’s/^\(.\{37\}\).*/\1/g’
sAPpFoGnbXnJrQc8Cl/QqrNwn0QK3hHrgANt1
$

or awk:


$ openssl rand -base64 37 | awk ‘BEGIN{FS=”"} {for (i=1;i<=37;i++) printf("%s",$i);} {printf "\n"}'
WhGWSCp8Y2uilxWfOfAyQXa4QqlE78uJeH3sn
$

Previous recipe | Next recipe |
 
  • qmchenry
    This is a great use for openssl that I didn't know about. I recently implemented a password generator in a shell script that I wasn't thrilled with. I'm upgrading it tonight. Thanks!
  • gnulinux
    Thats brilliant.

    keep up good work.
blog comments powered by Disqus