Generate Random Passwords from the Command Line

May 10, 2011 - 8 Comments

Some of the most secure passwords you can use are those that are randomly generated. From the command line, you can randomize potential passwords in a multitude of ways, and we’ll cover several primary methods and then show you how to combine commands to make passwords even more random.

First, we’ll try my go-to method that uses openssl:

openssl rand -base64 6

The output of this command will be completely random, and look something like: cG/ah3+9

You can adjust the length of the password by changing the number on the end of the string. If you don’t want to end up with any abnormal characters like / and +, you can generate from hex too:

openssl rand -hex 4

If that isn’t random enough, you can pipe the randomized output of openssl through md5 and trim the md5 hash of the randomized output down to a set number of characters:

openssl rand -base64 8 |md5 |head -c8;echo

You can also get creative and take random input from other commands, such as date, and trim 8 characters from the current dates md5 hash:

date |md5 | head -c8; echo

Or even ping:

ping -c 1 yahoo.com |md5 | head -c8; echo

Using the md5 method, you can take the output of any command, or file, to create a secure password.

Obviously all of these randomized passwords aren’t easy to remember, which is why it can be helpful to use a password manager, but that’s another topic.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: David Mendez in Command Line, Tips & Tricks

8 Comments

» Comments RSS Feed

  1. Peter M says:

    The random function of openssl alone should be adequate, the rest is just showing off and integrating further complexity, which is great for even further obfuscation but it’s likely unnecessary for the average user.

    I’d also recommend including the first 2-3 characters of the service or site question at the beginning, it helps to aid recall.

  2. Michael S says:

    If you have macports installed, you could use the ‘pwgen’ command for more options.

  3. distortedloop says:

    I love the power of the command line, but if you’re going to use a password manager you might just as well use the pwm’s built-in random generator …

  4. [...] If you’re bad at picking passwords or you just want the security advantages of randomness, generate one randomly from the command [...]

  5. jch says:

    The last example, using the output of “ping -c1 yahoo.com” is an appallingly bad way to choose a random password. Even the most optimistic assumptions about the variability of ping time is only going to give you about 100,000 different passwords. On the other hand, eight bytes of base 64 encoded randomness from openssl is going to give you 281 trillion passwords.

  6. [...] generation tool or even command line access, especially if you didn’t memorize or alias the proper command syntax to randomly generate one in the first place. Plus let’s face it, in many situations [...]

  7. davide says:

    have you ever noticed that the output of md5 function is in HEX? that means only 16 char alphabet, probably the name of your dog+some random date+some punctuaction is even better.

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates