pwgen [length] [count]

By default it generates a bunch of passwords in columns. However with args it can be ustructed to generate one fairly long secret (64 characters):

pwgen 64 1

It has fairly good number of ways to configure what and how exactly to generate. The downside of this approach is that pwgen(1) is probably not installed by default on your machine.


Reading directly from /dev/urandom is the way to go on pretty much any UNIX these days (or fallback to /dev/random, although both are the same except on Linux) without having to install anything. The only question is how to make it output plain-text.


Arguably the easiest way if you don’t care that the only possible “special” characters besides letters and numbers are + and /:

base64 /dev/urandom | head -c64


If you need to define a strict alphabet to use for your secret:

cat /dev/urandom | tr -dc 'a-zA-Z0-9_!@#$%^&*()~+=-' | head -c64


OpenSSL can also do the job with two possible outputs:

  • hex: openssl rand -hex 42

  • base64: openssl rand -base64 42 (uses = paddings)

The numeric argument is not characters, though.


Because obviously GPG can do everything security related:

gpg --gen-random --armor 1 42

First number is “quality level” which is… complicated as with anything related to GPG anyways.