Make random string

[smasher]

Just thought I'd share this little one-liner script, in case anyone needs to generate random passwords or something.

openssl sha384 -binary < /proc/timer_list | openssl base64

I've got that in a script "/jffs/scripts/make-random-string":

#!/bin/sh

openssl sha384 -binary < /proc/timer_list | openssl base64

That spits out a 64 character string with a base64 character-set. If you want a shorter string, just pipe the output into "head -c n", like this, for a 12 character string:

/jffs/scripts/make-random-string | head -c 12

And if you need a newline after the string:

/jffs/scripts/make-random-string | head -c 12 ; echo

Or, use "tail -c n" but allow one character for the newline. So to get a 12 character strings, use:

/jffs/scripts/make-random-string | tail -c 13

nb, "/proc/timer_list" counts nanoseconds starting at boot. Avoid using it immediately after booting. A better option for immediately after booting would be:

head -c 256 /dev/urandom | openssl sha384 -binary | openssl base64

Adjust the "256" for more or less entropy, as needed.

 

[smasher]

And a script to reset guest-network passwords with an 8 character string...

#!/bin/sh

PATH=/usr/sbin:/usr/bin

pass_new=$( openssl sha384 -binary < /proc/timer_list | openssl base64 | head -c 8 )
## if using this at boot-up, comment-out the line above, and un-comment the line below
# pass_new=$( head -c 256 /dev/urandom | openssl sha384 -binary | openssl base64 | head -c 8 )


## un-comment to display new password
# /bin/echo "${pass_new}"

nvram set wl0.1_wpa_psk="${pass_new}"
nvram set wl0.2_wpa_psk="${pass_new}"
nvram set wl0.3_wpa_psk="${pass_new}"
nvram set wl1.1_wpa_psk="${pass_new}"
nvram set wl1.2_wpa_psk="${pass_new}"
nvram set wl1.3_wpa_psk="${pass_new}"

nvram commit

## un-comment to re-start wireless in this script
# service restart_wireless > /dev/random

 

[smasher]

Actually... Now I'm thinking this may be the best "engine" for generating random passwords on these machines:

openssl rand -base64 9

Adjust the final number on that in multiples of 3 (3, 6, 9, 12, 15, 18, 21...) to avoid trailing equal-signs.

And to seed openssl from "/dev/urandom" and "/proc/timer_list", use the "-rand" option:

openssl rand -rand /dev/urandom:/proc/timer_list -base64 9 2> /dev/random

Edit: If you're using a number of bits that's not a multiple of 3, you can remove the trailing equal-signs by piping it though "tr -d '='"

openssl rand -base64 4 | tr -d '='

 

[smasher]

Now, the script looks like this, for generating 10 character passwords for the guest-networks:

#!/bin/sh

PATH=/usr/sbin:/usr/bin:/bin

pass_new=$( openssl rand -rand /dev/urandom:/proc/timer_list -base64 9 2> /dev/random | head -c 10 )

## un-comment to display new password
# echo "${pass_new}"

nvram set wl0.1_wpa_psk="${pass_new}"
nvram set wl0.2_wpa_psk="${pass_new}"
nvram set wl0.3_wpa_psk="${pass_new}"
nvram set wl1.1_wpa_psk="${pass_new}"
nvram set wl1.2_wpa_psk="${pass_new}"
nvram set wl1.3_wpa_psk="${pass_new}"

nvram commit

## un-comment to re-start wireless in this script
# service restart_wireless > /dev/random

For 8 character passwords use:

openssl rand -rand /dev/urandom:/proc/timer_list -base64 6 2> /dev/random

and for 16 character passwords use:

openssl rand -rand /dev/urandom:/proc/timer_list -base64 12 2> /dev/random

Edit: base64 encoding is 6 bits per character, so total bits of entropy per number of characters:
4 char = 24 bits
6 char = 36 bits
8 char = 48 bits
10 char = 60 bits
12 char = 72 bits
14 char = 84 bits
16 char = 96 bits
18 char = 108 bits
20 char = 120 bits
22 char = 132 bits
24 char = 144 bits