How To Generate Random Numbers and Password with OpenSSL Rand – POFTUT

How To Generate Random Numbers and Password with OpenSSL Rand

OpenSSL is great library and tool set used in security related work. While talking security we can not deny that passwords and random numbers are important subjects. In this tutorial we will learn how to generate random numbers and passwords with OpenSSL.

Generate Base64 Random Numbers

Base64 is an encoding format used in applications and different systems which can be transferred and used without problem. Base64 do not provides control characters. We can generate Base64 compatible random numbers with openssl rand . Here we set the character count 10 which is the last parameter.

Generate Base64 Random Numbers

Generate Base64 Random Numbers

Generate Hexadecimal Random Numbers

Hexadecimal is a numbering system based 16 . We can generate Hexadecimal numbers with -hex option. In this example we will generate 20 character random hexadecimal numbers.

Generate Hexadecimal Random Numbers

Generate Hexadecimal Random Numbers

Write To File

The default behaivour of rand is writing generated random numbers to the terminal. If we need a lot of numbers like 256 the terminal will be messed up. We have options to write the generated random numbers. We will use -out option and the file name. In this example we will write a file named myrand.txt

Use Engine or Hardware for TRNG

Security experts divide random number generator into two category.

  • Truly Random Number Generator (TRNG) where generated umbers are truly random and generally special hardware used.
  • Psedeu Random Number Generator (PRNG) where generated numbers are not truly random but near to the random. This types do not requires special hardware and operating systems like Linux,Windows and OpenSSL uses by default this type.

If we have special cryptographic hardware or TRNG engine we can use it with OpenSSL to make random numbers TRNG . We will use -engine option and the device path . If our device is locate at /dev/crypt0 we can use following command

1 Response

  1. fjb says:

    One note on the OpenSSL base64 command: the number you enter is the number of random bytes that OpenSSL will generate, *before* base64 encoding. Base64 then then produces four bytes of output for every three bytes of input – meaning that the number on the command line should be 3/4 of the desired password length. So, for example, if I wanted a 16 character password, the command I would need would be “openssl rand -base64 12” .

    If your input number isn’t a multiple of 3 – that’s when you get the = signs at the end of the base64 output, to pad out the remaining space to finish a block of four output bytes.

Leave a Reply

Your email address will not be published. Required fields are marked *

Enjoy this blog? Please spread the word :)