OpenSSL is a great library and tool set used in security-related work. When talking about security, we cannot deny that passwords and random numbers are important subjects. In this tutorial we will learn how to generate random numbers and passwords with OpenSSL.
Generate Base64 Random Numbers
Base64 is an encoding format used by applications and different systems. Base64 data can be transferred and used without problems because it contains no control characters. We can generate Base64-encoded random numbers with openssl rand. Here the last parameter, 10, sets the number of random bytes to generate before encoding.
$ openssl rand -base64 10

Generate Hexadecimal Random Numbers
Hexadecimal is a base-16 numbering system. We can generate hexadecimal numbers with the -hex option. In this example we will generate 20 random bytes, printed as hexadecimal.
$ openssl rand -hex 20
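
Both -base64 and -hex take a count of random bytes, so the printed length differs from the number given. The following is an added example, not part of the original tutorial, that works out the lengths and builds a password of an exact size; the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of OpenSSL.

# Characters printed by `openssl rand -hex N`: two hex digits per byte.
hex_len() { echo $(( $1 * 2 )); }

# Characters printed by `openssl rand -base64 N`: each group of 3 bytes
# (the last one padded with '=') becomes 4 characters.
b64_len() { echo $(( ($1 + 2) / 3 * 4 )); }

# Smallest multiple-of-3 byte count whose base64 form has >= $1 characters.
bytes_for_b64() { echo $(( ($1 + 3) / 4 * 3 )); }

# Print a base64 password of exactly $1 characters with no '=' padding.
gen_password() {
    want=$1
    nbytes=$(bytes_for_b64 "$want")
    # Long base64 output is wrapped into lines, so strip newlines before trimming.
    openssl rand -base64 "$nbytes" | tr -d '\n' | cut -c "1-$want"
}

# Demo: only runs where the openssl binary is installed.
if command -v openssl >/dev/null 2>&1; then
    echo "-hex 20    -> $(hex_len 20) characters"
    echo "-base64 10 -> $(b64_len 10) characters (with padding)"
    echo "16-character password: $(gen_password 16)"
fi
```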

Write To File
The default behaviour of rand is to write the generated random numbers to the terminal. If we need a lot of numbers, like 256, the terminal will be messed up. We can write the generated random numbers to a file instead, using the -out option followed by the file name. In this example we will write to a file named myrand.txt.
$ openssl rand -out myrand.txt -hex 20

Use Engine or Hardware for TRNG
Security experts divide random number generators into two categories:
Truly Random Number Generator (TRNG), where the generated numbers are truly random and special hardware is generally used.
Pseudo Random Number Generator (PRNG), where the generated numbers are not truly random but close to random. This type does not require special hardware, and operating systems like Linux and Windows, as well as OpenSSL, use this type by default.
If we have special cryptographic hardware or a TRNG engine, we can use it with OpenSSL to generate truly random numbers. We will use the -engine option and the device path. If our device is located at /dev/crypt0, we can use the following command:
$ openssl rand -engine /dev/crypt0 -hex 20
One note on the OpenSSL base64 command: the number you enter is the number of random bytes that OpenSSL will generate, *before* base64 encoding. Base64 then produces four bytes of output for every three bytes of input – meaning that the number on the command line should be 3/4 of the desired password length. So, for example, if I wanted a 16 character password, the command I would need would be “openssl rand -base64 12”.
If your input number isn’t a multiple of 3 – that’s when you get the = signs at the end of the base64 output, to pad out the remaining space to finish a block of four output bytes.
Would this random password be used to establish communication with a HTTPS enabled web-application or what is the application of using a random Engine?
Thank you for helping out, good info.