/dev/urandom

Serious blew my mind first time I used it.

Run this, and get ready to hit Ctl+C

cat /dev/urandom | tr -dc 'a-zA-Z0-9'

Cat starts spitting output from the device and trim makes sure you’re only getting alphanumeric. But you likely want something of a certain size. fold is a convinient way to do that since it’ll limit each line by a size, and then head the output so it just stops at the first carriage return of intput.

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1

And viola, you have a random alphanumeric string.

Convert to hash

A random password is nice, but by itself isn’t always the most secure. Most password systems generate a hash based off the key, so that the check can be done via math versus string matching, which allows the password to not be directly stored anywhere.

A simple example of a MD5 hash is to use openssl which is installed on most systems.

openssl passwd -1 -salt test thinggy

or better yet, create it as a whole set of commands, maybe even wrap it into a function and drop it into your pofile.

SALT=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1)
PASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 18 | head -n 1)
openssl passwd -1 -salt $SALT $PASS

But: That’s a weak hash algorythm by today’s standards.

You can generate a much more modern SHA512 with a python one liner like this:

python -c 'import crypt; print(crypt.crypt("$PASS", crypt.mksalt(crypt.METHOD_SHA512)))'

And that will dump you out a full output that you could drop into a shadow file, or a database provided the lookup knows how to speak SHA512. Note that there’s a salt in there that was randomly generated.