A random string generator in a bash script isn't respecting the number of given characters

Question

I am trying to build a random character generator in a bash script on osx 10.8.5 . The goal is to generate random character strings for a script generating salts for the wordpress wp-config.php file. The snippet looks like the following:

#!/bin/bash -e
read -p "Number of digits: " digits

function rand_char {
    take=$(($RANDOM % 88)); i=0; echo {a..z} {A..Z} {0..9} \, \; \. \: \- \_ \# \* \+ \~ \! \§ \$ \% \& \( \) \= \? \{ \[ \] \} \| \> \< | while read -d\  char;
    do
        [ "$i" = "$take" ] && echo "$char\c";
        ((i++));
    done
}

function rand_string {
    c=$1;
    while [ $c -gt 0 ];
        do char="${char}"$(rand_char);
        let c=$c-1;
    done
    echo $char
}

outputsalt=`rand_string $digits`

echo $outputsalt

if i enter 64 as the number of digits the resulting number of characters differs each try:

HeF6D>z}x[v=s(qRoPmNkLiIfG7E5C3A1yZwWtU§S~Q*O_M:J,b86|4]2{0)X&p    (63 chars)
WtUrSpQnOkLiJ,H8F6D4B1yZ)X&V$T!R+P_M:e;c9a7>5}2{u=s(q%o§m~j#hIfG   (64 chars)
_g:d,b86|4]w{u=r&p$n!lMjKhIeFcDaB>z0xYt)r&p§m~kLiJgHeFcDA1yZwX     (62 chars)
}w{u=s(q%oPmNkKhIfGdEbC3A1xYvWtUrS~Q*O_L.J,H8F6|4]2?Z)X&V$n!l+j_   (64 chars)
l+j_g:e;cDaB>z}x{u=sTqRoPmNkKhIfG7E5C3A1xYvW%U§S~Q*O_L.J,b86|4]    (63 chars)

Is there a way that the number of characters sticks to the given number? Best regards Ralf

Answer 1

Try a simpler case:

function rand_char {
  take=$(($RANDOM % 2)); i=0; echo a b | while read -d\  char;
  do
    [ "$i" = "$take" ] && echo "$char\c";
    ((i++));
  done
}

It will produce a and blanks, but no b.

We can further reduce the problem down to:

echo a b | while read -d\  char; do echo "$char"; done

which only writes a and not b. This is because you instruct read to read up to a space, and there's no space after b so it fails. This means that one out of every 88 chars will be dropped, causing your lines to be slightly shorter.

The simplest fix is to add a dummy argument to force a space at the end:

echo {a..z} {A..Z} {0..9} (etc etc) \} \| \> \< '' | while read ...
#                                       Here ---^

Note that your method just adds 15 bits of entropy to the salt, while the absolute minimum should be 64. The significantly easier and more secure way of doing this would be:

LC_CTYPE=C tr -cd 'a-zA-Z0-9,;.:_#*+~!@$%&()=?{[]}|><-' < /dev/urandom | head -c 64

(note: this replaces your unicode paragraph symbol with an ascii @)

Answer 2

No offense, by your coding style is, errr..., not the best I've seen :).

#!/bin/bash -e

read -p "Number of digits: " digits
# TODO: test that digits is really a number

chars=( {a..z} {A..Z} {0..9} \, \; \. \: \- \_ \# \* \+ \~ \! \§ \$ \% \& \( \) \= \? \{ \[ \] \} \| \> \< )

function rand_string {
    local c=$1 ret=
    while((c--)); do
        ret+=${chars[$((RANDOM%${#chars[@]}))]}
    done
    printf '%s\n' "$ret"
}

outputsalt=$(rand_string $digits)

echo "$outputsalt"

Answer 3

I see two problems in your script.

I'm pretty sure

take=$(($RANDOM % 88));

should be

take=$(($RANDOM % 87));

Otherwise, it appears you're going past the end of your input stream.

The other problem is this char: \§

Bash is seeing that as two characters (wide char?). I'd delete it from your possibilities.

Of course, that would mean the above line would be:

take=$(($RANDOM % 86));

Doing those two things, in fact, works for me.

Edited:

@that other guy has a better answer. Adding the space rather than reducing the modulo will ensure that you get every character

Answer 4

Another way of doing this if you fancy one-liners:

perl -le 'print map { ("a".."z","A".."Z",0..9,",",";",".",":","-","_","#","*","+","~","!","§","\$","%","&","(",")","=","?","{","}","[","]","|","<",">") [rand 87] } 1..63'

or, as you probably won't want a new line at end:

perl -e 'print map { ("a".."z","A".."Z",0..9,",",";",".",":","-","_","#","*","+","~","!","§","\$","%","&","(",")","=","?","{","}","[","]","|","<",">") [rand 87] } 1..63'