In this post you'll learn how to use OpenSSL to create pseudorandom strings that you can use as secure passwords. Yes, hexadecimal and base64 strings are all lower-case. All you need now is a way to remember these generated strings and passwords... Use a password manager like Bitwarden, Devolutions Hub, Vault by HashiCorp or 1Password.
Pseudorandom strings with OpenSSL
The OpenSSL rand command can be used to create random passwords for system accounts, services or online accounts. The rand command outputs num pseudorandom bytes after seeding the random number generator once. The -hex argument tells openssl to show the output as a hex string. You can also use -base64.
You only have to decide the byte-length of your password or string, whether you want hexadecimal or base64, and OpenSSL does all the calculations.
For example, an 8-byte pseudorandom string with hex-encoded output:
$ openssl rand -hex 8
28dbc04b1a90fbf4
Or an 8-byte random string with base64-encoded output:
$ openssl rand -base64 8
7UON8PQIYHg=
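The byte length you choose fixes both the printed length and the strength of the result. The following is an added example, not code from the original post: the helper names encoded_len, bytes_for_bits and gen_secret are hypothetical, it assumes openssl is on the PATH, and it goes beyond the 8-byte case above by sizing the secret in bits of entropy and checking what openssl rand returned.

```shell
#!/bin/sh
# Added example: size an `openssl rand` secret by entropy, not by character count.
# Assumption: every byte from `openssl rand` carries 8 bits of entropy.

# Characters printed for NBYTES random bytes in the given encoding.
encoded_len() {  # usage: encoded_len hex|base64 NBYTES
    case "$1" in
        hex)    echo $(( $2 * 2 )) ;;                # 2 hex digits per byte
        base64) echo $(( ( ($2 + 2) / 3 ) * 4 )) ;;  # 4 chars per 3 bytes, '=' padded
        *)      return 1 ;;
    esac
}

# Smallest byte count that carries at least BITS bits.
bytes_for_bits() {  # usage: bytes_for_bits BITS
    echo $(( ($1 + 7) / 8 ))
}

# Generate a secret of at least BITS bits and verify the result before use.
gen_secret() {  # usage: gen_secret hex|base64 BITS
    enc=$1
    case "$2" in
        ''|*[!0-9]*|0) echo "bits must be a positive integer" >&2; return 2 ;;
    esac
    n=$(bytes_for_bits "$2")
    want=$(encoded_len "$enc" "$n") || {
        echo "encoding must be hex or base64" >&2; return 2
    }
    out=$(openssl rand "-$enc" "$n") || {
        echo "openssl rand failed" >&2; return 1
    }
    # Longer base64 output is wrapped over several lines; join it again.
    out=$(printf '%s' "$out" | tr -d '\n')
    # A short or empty result means the call did not deliver; never use it.
    [ "${#out}" -eq "$want" ] || {
        echo "unexpected output length" >&2; return 1
    }
    printf '%s\n' "$out"
}

# Example: gen_secret hex 128     -> 32 hex characters (16 bytes)
#          gen_secret base64 128  -> 24 base64 characters (16 bytes)
```

The 8-byte strings shown above therefore carry 64 bits each, whichever encoding is used; the encoding only changes how many characters are needed to write those bits down.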
Using OpenSSL to generate random passwords in Windows
If you have installed OpenSSL on Windows, you can use the same openssl.exe command on Windows to generate a pseudo-random password or string:
PS C:\Users\Jan Reilink> &"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rand -hex 8
fa2af455f4425c9b
PS C:\Users\Jan Reilink> &"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" rand -base64 8
tYHpFYAZ4C0=
These make ideal passwords, easily generated with openssl.exe in Windows 11 or Windows 10 :) .
PHP - create a pseudorandom password with PHP openssl_random_pseudo_bytes()
In PHP you can use openssl_random_pseudo_bytes(), with bin2hex() for readability:
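<?php
// Request 8 random bytes; $cstrong is set to true when a
// cryptographically strong algorithm was used to produce them.
$bytes = openssl_random_pseudo_bytes( 8, $cstrong );
if ( $bytes === false || $cstrong !== true ) {
    exit( 'No cryptographically strong random source available' );
}
// Hex-encode the raw bytes for readability (16 characters).
var_dump( bin2hex( $bytes ) );
?>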
Conclusion: creating random password strings with OpenSSL
In this post you learned various ways of creating a secure(ish) password string with OpenSSL, on Linux and Windows, and even in PHP. But what is pseudorandom?
A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process.
Wikipedia - Pseudorandomness
You can use such a string as a password, but keep in mind it's viable to crack 16 character strong passwords in less than an hour.