1

I am trying to generate a 10-character random password in Solaris servers. The examples give around the web are for Linux and mostly not working in Solaris.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
judi
  • 71
  • 1
  • 2
  • 9
  • mostly not working in solaris – judi May 08 '18 at 11:35
  • 1
    “10 digits” contradicts “special character”. What is your exact requirement? Edit your question. Your question may or may not end up being a duplicate of [this](https://unix.stackexchange.com/questions/245036/random-number-generation-in-solaris) depending on what you need. – Gilles 'SO- stop being evil' May 08 '18 at 11:41
  • Thanks - the password should be 10 characters - Alpha + Numeric+ Special character – judi May 08 '18 at 11:59
  • 1
    A list of commands you tried and any output / error messages you got (and what you expected instead) might help to understand your issue. – frostschutz May 08 '18 at 12:14

2 Answers2

3

You can get cryptographic-quality random bytes from /dev/urandom. (This exists since Solaris 9. It also exists on Linux.) This includes unprintable characters, so you need to remove those. The following command extracts 10 random printable, non-space ASCII characters.

</dev/urandom tr -dc '!-~' | dd ibs=1 obs=1 count=10

I don't recommend using special characters in passwords. They don't make passwords more secure. What makes the security of a password is its entropy. A 10-character password has 10×log2(94) ≈ 65.5 bits of entropy. You can get the same amount of entropy from 9 arbitrary bytes and encode them as you wish, for example as hexadecimal.

</dev/urandom dd ibs=1 obs=1 count=9 | od -tx1 -An | tr -d ' '

Or as Base64, which is shorter.

</dev/urandom dd ibs=1 obs=1 count=9 | uuencode -m - | sed -n 2p

If there's some hard constraint that “passwords must contain at least one special character” (which is a questionable way to make passwords selected by average humans more secure, and it completely wrong for randomly generated passwords), then you can't simply use a random password, because there's a chance that it'll happen not to contain any character in a required class. If you reject passwords that don't meet the constraint, you're reducing the security of the password. Instead, make the password longer, e.g.

</dev/urandom dd ibs=1 obs=1 count=9 | uuencode -m - | sed '2!d; s/$/-Aa1/'

If you need the password to be memorable, that's a different problem. The best memorable passwords are passphrases.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
  • can this stdd in and out be removed please sol10 # dd if=/dev/urandom ibs=1 obs=1 count=9 | uuencode -m - | sed '2!d; s/$/-Aa1/' 9+0 records in 9+0 records out A9xk0r4MvMCY-Aa1 sol10 # – judi May 08 '18 at 14:06
  • Thanks Much , this will eliminate the dd command output. `dd if=/dev/urandom ibs=1 obs=1 count=9 2>/dev/null | uuencode -m - | sed '2!d; s/$/-Aa1/'` – judi May 08 '18 at 14:20
  • I know this is old, but can you explain the `!-~` part passed to `tr`? From the man page it seems like it's all characters except the value of ! to ~? From my testing seems like I can definitely get random sequences with `!` `-` and `~` in them. So not sure what that is excluding. Thank you! – xbakesx Aug 26 '22 at 20:22
  • 1
    @xbakesx I think you missed `-c`. `tr -dc CHARS` deletes (`-d`) the characters in the complement (`-c`) of the set CHARS, i.e. it keeps the characters in CHARS. `tr -dc '!-~'` excludes control characters, non-ASCII characters and spaces. – Gilles 'SO- stop being evil' Aug 26 '22 at 20:42
  • That is definitely what I did. So it keeps any characters between code points 33 `!` and 126 `~`. Clever girl. – xbakesx Aug 26 '22 at 21:01
-1

You have perl in Solaris, it helps:

perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'

With special characters it will be:

perl -e 'print [0..9,a..z,A..Z,qw{- _ / & ?}]->[rand 67]for 0..10'
Sasha Golikov
  • 251
  • 1
  • 7
  • Thanks - but there is no special characters. sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10' e9RKUJiss3 sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10' zLdxvTqlJT sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10' AiaiDubgye sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10' lJxiV2iDwY sol10 # – judi May 08 '18 at 12:01
  • You may add special characters in such way: perl -e 'print [a..z,A..Z,0..9,qw{- _ / & ?}]->[rand 67]for 0..10' – Sasha Golikov May 08 '18 at 12:24
  • 1
    No, Perl's `rand` is not suitable to generate a password. **This answer is insecure.** – Gilles 'SO- stop being evil' May 08 '18 at 12:31