Create random passwords with OpenSSL/LibreSSL

As system administrators, we know we sometimes have to create passwords. It might be for ourselves, or when creating them for colleagues and customers. For an easy and quick way of generating random passwords, we can use the OpenSSL utility, part of OpenSSL and LibreSSL. This toolkit is often already installed on systems running Linux.

OpenSSL has a randomize function. If we feed the output through the base64 function, the scrambled set of characters can be made more human-friendly. This function is also used for e-mail, to store binary data safely. Besides ending up with a nice set of readable characters, the password is fairly strong as well.

openssl rand -base64 48

The output will be something like:

This way of password generation is very useful for scripts, or when you need some inspiration when handing out a temporary password. If you feel you want to use a shorter password, simply reduce the number at the end. This might be useful if people have to type it in manually.

Another option is extending the length and using it for a secret key (e.g. for VPN and IPSEC).

$ openssl rand -base64 1024
TCNfOEN1AfklWa2gJQW4j5wHcnAeTvkWW1Rh9LeumX5IXo9pvI/18BUfSXToEaWy
1GoRpa1yePEjewwnI4nmyHqQJB6yQ5mpB07k+FUIodzwkLbSb1/lDRoOAHlxOeH2
tNhoWnaKv+HfppxDvN92ZDvfM1QW6lanu3K84h8VpsGUYUhZYcOvdlqQ82ZyIg9V
bz5HBBVVZwlPCE6QhFVcqfQ0WWOS8IE6ysf3XhXYlHKXxkRQLFGYthq2fi0drDPZ
9i0EWktSDibl1rVsW/g7//VeQn+boQCig53hGuOZuJU0toUrvqoWFctnReUDh+y+
7+T08KyVS3p+m+RrcgShpFfzbi6/aJaySfDJDd5Cgk5u8ZQ6oeCH3t1qRA8I2z1Y
fQrxsznba1Dq+irjG+2E8LohjaUimTCBoRWgjJw7cXKzbZYhnu6CJc37yE47aLCM
9DCoA8tIfuHGs7bxfOrYvVWQmNUptqoL+ntk/r7924US6bb0tHNYNdkXT02fhyQc
PykclFqAp+91h53kgLIW1LdWxbc4i39ile+7YfTvOJKl3zKEaXiMjaVqJme575As
ENuFAXSkzg/tgyJSgmBGWE6ornaBvMBufPb7TwgEWD0j4KeglgpNFR9jZtmzCkdq
zHx0XHq/1owIbtUU1i/72k8lZ0T9xUd1QQMc0ExP1XYPpqNMWKutO3qNQ/2Mvv35
u8DGE8lhu+P7e+d8puFUh5ISnDb4FVSudH1LzjSNeYmbkLTxvLRHdntuBl+1fAZj
qxv7STWKVzVA7pyw4St/Fef3Yvs8NZEW01sbuQ3P1+7dhz4Ut55xtJtR/z9nb7Et
wdU0WfyU3IJuC1h2X8iVcckJYb3d83dlswpPnAXL5yUpuX3F44WT5cn12ufVRwF5
52efWsENVypB9wDYnX1ukHfYytdcH6Pj6P9pUwIUh1ZxU9LADwsoXDMLcq/Bz6Oh
DK7uIsXTmc3remkKdv5QDAPpLaC51E1ZW7zAZTJEkVi+7INmwOZ0c0/bBeMCHcDB
M3VuxGTeJ3oZbb43KrHf7NVHAU3FrK/N4Fa8NGYWtmrAEXTwc4ijk8v5CcefWmJy
J1WXjYyOEfDNkfpAf0ZoQTtt7eBXpjPq+2zJZ2olbdmXtIY2XOXEBW57/QNRbHNW
b5VrTnCZWZX683rJbGJkVMPRDDgxghLyXVjTUIQc1xMBW7LUdQqQTy94+toYviLs
K9jQRgKYjTb5tGQCtQ6iGTIpeeX0t2fT6R634PoY/308rLiqREDcZ5ASs23fwkFs
19ozVx4FZoNnI6VIi8xFkoSNU4VgizJvKWFJd2jDVH98JK28fcNbtverIzI+x/Ne
NfoptIWVLfxeryveo13UPg==

Now that is a nice randomized key, with enough entropy. It includes capitals, numbers and “other” characters. Sure, the set of the latter is limited, but it will definitely take huge amounts of processing power to crack this.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon