Generate Password in Linux Shell
Published on

Generate Password in Linux Shell

Authors

openssl to generate a random password

We can make use of the openssl command to generate a random password in the shell. The following command generates a random password of approximately 44 characters.

openssl rand -base64 32

openssl: This is the command line tool for the OpenSSL library, which provides cryptographic functionality.

rand: This is an OpenSSL command that generates pseudo-random bytes.

-base64 32: This option tells OpenSSL to output the random bytes in Base64 encoding. Base64 encoding is a way of representing binary data in an ASCII string format. 32 This is the number of random bytes to generate. Since Base64 represents 3 bytes of binary data as 4 bytes of text, this will output a string of approximately 44 characters (32 bytes of random data becomes 44 bytes after Base64 encoding).

Since the random string generated has special characters we can use the tr command to remove them. We can make sure to inlude only alphanumeric characters in the password.

openssl rand -base64 32 | tr -dc '[:alnum:]'

So we would miss out a few characters in the password. If you want your generated password to be more secure, you can increase the number of random bytes generated by increasing the number 32 in the command. For example, to generate a random password of approximately 64 characters, you can use the following command:

openssl rand -base64 48 | tr -dc '[:alnum:]'

So remember the formula to calculate the number of characters in the password is 4/3 * n where n is the number of random bytes generated. But we remove special characters using tr command so the number of characters in the password will be less than 4/3 * n.

If you want exact n characters in the password, you can use the following command:

openssl rand -base64 48 | tr -dc '[:alnum:]' | cut -c1-32

Here cut -c1-32 will cut the string to 32 characters. You can replace 32 with the number of characters you want in the password. This will give you a password of exactly n characters. But make sure to generate enough random bytes to get the required number of characters in the password.

pwgen to generate a random password

pwgen is a small, powerful, and useful tool to generate random passwords. It is a command-line utility that generates random passwords. It is a good alternative to openssl to generate random passwords as we don't have to worry about removing special characters, etc.

To install pwgen on Ubuntu, you can use the following command:

sudo apt-get install pwgen

To generate a random password of 32 characters, you can use the following command:

pwgen 32 1

Here 32 is the length of the password and 1 is the number of passwords to generate.

But there are a few things to note about pwgen:

-s, --secure: Generate completely random and secure passwords.

-y, --symbols: Include at least one special character in the password.

-B, --ambiguous: Don't include ambiguous characters in the password.

Conclusion

In this article, we have seen how to generate a random password in the Linux shell using the openssl command and the pwgen command. We have also seen how to make sure the generated password is secure and how to include special characters in the password.

Sometimes we may need to generate a random password in a script. In such cases, we can make use of these tools to generate a random password and use it in the script.

There are cases when we don't want to include special characters in the password it might be due to passing the password as a query parameter in a URL then we might need to encode the password. Certain websites might not allow certain special characters in the password.

Using these tools will allow us to generate a random password of the required length and make sure it is secure.