shell

Random bytes generation with OpenSSL

Sharing a quick OpenSSL tip for generating random bytes - using the rand command with hex or base64 encoding lets you create high-entropy random strings for passwords and other uses. Just remember to account for the encoding's effect on output length.


Sometimes you just have to generate some random bytes with high entropy. And OpenSSL can help you with this task.

$ openssl rand [options] num

The rand command outputs num pseudo-random bytes. Since in most cases we don't want to deal with edge bytes, it's better to use either -hex or -base64 option in order to encode output and thus lead to a valid password.

$ openssl rand 16 fӤ?v ???^@?y?? $ openssl rand -hex 16 b4ef65a47a327727bf4ad77d8d3352b2 $ openssl rand -base64 16 o1DqThmx1DWGoPAidi6DKQ==

Another problem is the length. When you use -hex or -base64 option the output string is longer than passed num. In order to keep the desired length, you have to chop it. For example, using the cut command.

$ openssl rand -hex 16 | cut -c1-16 ce8ad63b50cbe611 $ openssl rand -base64 16 | cut -c1-16 4HIcmt4vTcmchbHU

Some useful links: