Home Arrow Icon Knowledge base Arrow Icon Global Arrow Icon Can openssl rand generate human-readable passwords without base64 encoding


Can openssl rand generate human-readable passwords without base64 encoding


OpenSSL's `rand` command primarily generates pseudo-random bytes, which can be encoded in various formats such as hexadecimal or base64 to make them human-readable. However, the raw output of `openssl rand` without any encoding is binary data, which is not human-readable.

Using `openssl rand` without Base64 Encoding

If you want to generate passwords without using base64 encoding, you can use the hexadecimal output instead. This is achieved by using the `-hex` option with the `openssl rand` command. Here's how you can do it: 

bash
openssl rand -hex 16

This command generates 16 bytes of random data and outputs them as a hexadecimal string. The resulting string is human-readable and can be used as a password. However, keep in mind that hexadecimal strings are typically longer than base64 strings for the same amount of entropy.

Generating Human-Readable Passwords without Special Characters

If you prefer passwords without special characters like `+`, `/`, or `=`, you can use a combination of base64 encoding and filtering out unwanted characters. Here's an example script that generates a password of a specified length without these special characters: 

bash
#!/bin/bash

LENGTH=25

if [ ! -z "$1" ] && [ $1 -gt 1 ]; then
    LENGTH=$1
fi

NUMBYTES=`echo $LENGTH | awk '{print int($1*1.16)+1}'`

openssl rand -base64 $NUMBYTES | tr -d "=+/" | cut -c1-$LENGTH

This script generates a password of the specified length by first generating more bytes than needed to account for the special characters that will be removed. It then uses `tr` to remove the special characters `=`, `+`, and `/`, and finally cuts the string to the desired length.

Conclusion

While `openssl rand` itself does not directly generate human-readable passwords without encoding, you can use the `-hex` option to get a human-readable hexadecimal string. Alternatively, you can use base64 encoding and filter out unwanted characters to create passwords that are more readable and suitable for your needs.

Citations:
[1] https://superuser.com/questions/1458249/how-to-decrypt-passwords-generated-by-openssl-rand-base64-20
[2] https://docs.openssl.org/1.1.1/man1/rand/
[3] https://stackoverflow.com/questions/65528031/how-to-generate-openssl-blowfish-without-certain-characters-or-allow-certain-set
[4] https://www.redlever-solutions.com/blog/howto-generate-secure-passwords-with-openssl
[5] https://stackoverflow.com/questions/45446754/why-do-base64-openssl-use-a-padding-character-of-k-instead-of

Can I customize the character set used by openssl rand for better readability

OpenSSL's `rand` command does not directly support customizing the character set for generating passwords. However, you can achieve this by generating random bytes and then converting them into a custom character set. Here's how you can do it:

Using a Custom Character Set

1. Generate Random Bytes: Use `openssl rand` to generate a specified number of random bytes.

2. Convert to Custom Character Set: Use a script to convert these bytes into a custom character set.

Here's an example script that generates a password using a custom character set: 

bash
#!/bin/bash

# Define the custom character set
CHARSET="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

# Specify the length of the password
LENGTH=16

# Generate random numbers corresponding to indices in the character set
for ((i=0; i[@]}"; do
    INDEX=$(( DECIMAL % ${#CHARSET} ))
    PASSWORD+="${CHARSET:$INDEX:1}"
done

# If the password length is less than desired, append more characters
while [ ${#PASSWORD} -lt 16 ]; do
    RANDOM_INDEX=$(( RANDOM % ${#CHARSET} ))
    PASSWORD+="${CHARSET:$RANDOM_INDEX:1}"
done

# Trim the password to the desired length
PASSWORD=${PASSWORD:0:16}

echo "$PASSWORD"

This script converts binary data into a custom character set.

4. Using `pwgen`**

`pwgen` is a tool specifically designed to generate passwords. It can create passwords with a specified length and complexity. While it doesn't directly convert binary data, it can generate human-readable passwords based on random input: 

bash
pwgen -s 16 1

This command generates a single, secure password of length 16.

5. Using `xkcdpass`**

`xkcdpass` is another tool inspired by the xkcd comic on password security. It generates passwords based on a list of words, making them more memorable and human-readable. Again, it doesn't convert binary data but generates readable passwords: 

bash
xkcdpass -n 1 -l 4

This command generates a single password consisting of four words.

Conclusion

While there isn't a single tool specifically designed to convert binary data into human-readable passwords using a custom character set, you can achieve this through scripting or by using tools like `pwgen` or `xkcdpass` for generating readable passwords.