Use the Unix: Generating a Random Password
Let’s generate a super-secure random password (let’s say, for our tumblr account), using only the command line and a few basic unix tools.
First, we’ll read 10 bytes of random data from /dev/random:
$ head -c 10 /dev/random # -> �u#�ko�%
The output looks kinda shitty huh?
Ok, let’s encode this data in base64 format:
$ head -c 10 /dev/random | base64 # -> 9W0MVZQ+SC27VA==
Better, but those trailing ’=’ characters aren’t really useful to us, and that ’+’ in there reminds me that we should prefer to generate ‘url-safe’ base64 text.
Let’s use tr (translate) to delete (-d) the equals-signs:
$ head -c 10 /dev/random | base64 | tr -d '=' # -> PHCSXH7w3TZgHg
And let’s use tr again to change ’+’ into ’-’ and ’/’ into ’_’:
$ head -c 10 /dev/random | base64 | tr -d '=' | tr '+/' '-_' # -> XE_TRFKrfv-nwA
Much better, but how many characters are in this password we are generating?
$ _my_password=$( head -c 10 /dev/random | base64 | tr -d '=' | tr '+/' '-_' )
$ echo -n "$_my_password" | wc -c # -> 14
(note how we passed -n to echo, asking it to not print a trailing new-line)
Fourteen characters isn’t bad, but we can always get a longer password by increasing the value of the -c parameter to head:
$ head -c 16 /dev/random | base64 | tr -d '=' | tr '+/' '-_' # -> 94xKa4qk2tpclnL-OjV6Wg
$ head -c 22 /dev/random | base64 | tr -d '=' | tr '+/' '-_' # -> L8V3Ee3TxyvEl88cOaIJ-SUWB3YCqg
Now we can just copy-paste this delicious new password into our browser and our account is secure again!
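The pipeline above wrapped into functions, as an added example that is not part of the original post: it also shows how the byte count passed to head maps to password length and random bits, and it goes one step further than the post by stripping the line breaks some base64 implementations insert into long output. The names RANDOM_SOURCE, is_count, genpass, pass_len and pass_bits are hypothetical, and it assumes head -c and base64 are available.

```shell
#!/bin/sh
# Added example: the post's pipeline as reusable functions.
# RANDOM_SOURCE, is_count, genpass, pass_len, pass_bits are hypothetical names.

# Defaults to the device used in the post; override to read elsewhere.
RANDOM_SOURCE="${RANDOM_SOURCE:-/dev/random}"

# is_count N: succeed only if N is a positive decimal integer
# (no leading zero, which shell arithmetic would read as octal).
is_count() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# genpass N: read N random bytes, print them as unpadded URL-safe base64.
genpass() {
    is_count "$1" || { echo "usage: genpass BYTES" >&2; return 2; }
    # tr also deletes newlines: GNU base64 wraps its output at 76 columns,
    # which would otherwise split passwords built from more than 57 bytes.
    head -c "$1" "$RANDOM_SOURCE" | base64 | tr -d '=\n' | tr '+/' '-_'
    echo
}

# pass_len N: characters genpass N prints, ceil(4N/3), without running it.
pass_len() {
    is_count "$1" || return 2
    echo $(( (4 * $1 + 2) / 3 ))
}

# pass_bits N: random bits behind the password (8 per byte read).
pass_bits() {
    is_count "$1" || return 2
    echo $(( 8 * $1 ))
}

# Report the three sizes used in the post.
for n in 10 16 22; do
    echo "$n bytes -> $(pass_len "$n") chars, $(pass_bits "$n") bits"
done
```

Because the password is just an encoding of the bytes read, its strength is set by the byte count (8 bits per byte), not by the number of characters displayed.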