Random bytes generation with OpenSSL
Sharing a quick OpenSSL tip for generating random bytes - using the rand command with hex or base64 encoding lets you create high-entropy random strings for passwords and other uses. Just remember to account for the encoding's effect on output length.
Sometimes you just have to generate some random bytes with high entropy. And OpenSSL can help you with this task.
$ openssl rand [options] num
The rand
command outputs num
pseudo-random bytes. Since in most cases we don't want to deal with edge bytes, it's better to use either -hex
or -base64
option in order to encode output and thus lead to a valid password.
$ openssl rand 16 fӤ?v ???^@?y?? $ openssl rand -hex 16 b4ef65a47a327727bf4ad77d8d3352b2 $ openssl rand -base64 16 o1DqThmx1DWGoPAidi6DKQ==
Another problem is the length. When you use -hex
or -base64
option the output string is longer than passed num
. In order to keep the desired length, you have to chop it. For example, using the cut
command.
$ openssl rand -hex 16 | cut -c1-16 ce8ad63b50cbe611 $ openssl rand -base64 16 | cut -c1-16 4HIcmt4vTcmchbHU
Some useful links: