In this post you’ll learn how to use OpenSSL to generate passwords – or create pseudorandom strings. Random strings you can use as secure passwords. Yes, hexadecimal and base64 strings are all lower-case. All you need now is a way to remember these generated strings and passwords… Use a password manager like Bitwarden, Devolutions Hub, Vault by Hashicorp or 1Password.
OpenSSL comes in handy when you need to generate passwords or random strings. For example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP.
Pseudorandom strings with OpenSSL
The OpenSSL rand command can be used to create random passwords for system accounts, services or online accounts. The rand command outputs num pseudorandom bytes after seeding the random number generator once. The -hex argument tells openssl to show the output as a hex string. You can also use -base64.
You only have to decide the byte-length of your password or string, whether you want hexadecimal or base64, and OpenSSL does all the calculations.
Also read:
For example an 8 byte pseudorandom string, hex encoded output:
$ openssl rand -hex 8
28dbc04b1a90fbf4Or an 8 byte random string, base64 encoded output:
$ openssl rand -base64 8
7UON8PQIYHg=Using OpenSSL to generate random passwords in Windows
If you have installed OpenSSL in Windows, you can use the same openssl.exe command on Windows to generate a pseudo-random password or string:
PS C:\Users\Jan Reilink> & openssl.exe rand -hex 8
fa2af455f4425c9b
PS C:\Users\Jan Reilink> & openssl.exe rand -base64 8
tYHpFYAZ4C0=These makes ideal passwords, easily generated with openssl.exe in Windows Server, Windows 11 or Windows 10 🙂 .
Also read:
- Create strong passwords in Windows
- Use random, secure passwords for your HTTP Basic Authentication virtual users in IIS
Some more examples to generate strong, random passwords in Windows using OpenSSL, either in hexadecimal or base64 format:
PS C:\Users\JanR> & openssl.exe rand -hex 8
23a6a5c9616fbda4
PS C:\Users\JanR> & openssl.exe rand -base64 8
ygV7WYQ84VA=You can use the number of bytes argument (8) to increase the length:
PS C:\Users\JanR> & openssl.exe rand -base64 12
qZdgJkYbK9+OrY8F
PS C:\Users\JanR> & openssl.exe rand -hex 12
040aafdce624d82ad1ed11afMore about OpenSSL in Windows:
If you need to install OpenSSL in Windows or want to know more about OpenSSL, this is explained in my Windows 11/10 and WSL 2 DevOps environment and use OpenSSL for basic SSL/TLS tasks posts. All you have to do is use winget.
Pseudorandom password with PHP openssl_random_pseudo_bytes()
In PHP you can use openssl_random_pseudo_bytes(), with bin2hex() for readability:
<?php
var_dump(
bin2hex(
openssl_random_pseudo_bytes( 8, $cstrong )
)
);
?>Conclusion creating random password strings with OpenSSL
In this post you learned various ways of creating a secure(ish) password string with OpenSSL. On Linux and Windows, and even PHP. But, what is pseudorandom?
A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process.
Wikipedia – Pseudorandomness
You can use such a string as a password, but keep in mind it’s viable to crack 16 character strong passwords in less than an hour.
Summary
- Learn to generate pseudorandom passwords using OpenSSL on Linux, Windows, and PHP.
- Use the OpenSSL rand command to create random strings in hex or base64 format.
- Consider a password manager like Bitwarden or 1Password to securely store generated passwords.
- In Windows, run openssl.exe to generate passwords easily for system accounts.
- Remember that even strong passwords can be cracked relatively quickly, so use caution.
