devrandom: reformat /dev/random; generate passwords and passphrases

devrandom reads a number of bytes from the random device (typically /dev/random) and prints them in a variety of formats. This provides a convenient source of randomness for scripts and the like, as well as an easy way of generating secure passwords and passphrases.

Persistent URL:

Version 0.7, 2007 November 8.

Some UNIXes have a device /dev/random or /dev/urandom from which random bytes can be read. Scripts sometimes need to use a little randomness, but since these special devices produce random 8-bit bytes rather than random characters, this can be slightly fiddly to use. The devrandom program is a simple utility to make this process easier, allowing you to request random numbers or characters, in a specified range, and request a given number of output symbols or a certain amount of entropy.

Of course, one of the most common uses for randomness is when generating random passwords or passphrases, and devrandom give easy support for this, too: the command devrandom -p produces a password using characters from the set [a-zA-Z0-9].

This is not the only application which generates random passwords: others are apg which is quite generic, and RPG, which is a Mac-specific GUI tool. There are other ways of reformatting /dev/random, some of which were discussed in a thread on

Examples of use

Without any arguments, devrandom's default behaviour is to print ten random integers between 0 and 9 inclusive:

% devrandom
1 8 2 2 0 0 6 2 7 5 

The number, range and offset (from zero) can be adjusted with the -n, -m (modulus) and -o options respectively.

You can select characters from a given string:

% devrandom -s qwertyuiop 

The option -a is equivalent to specifying all of the printable ASCII characters as the argument to the -s option. The option -p, is equivalent to specifying the options -a -m 62 -n 8, which picks 8 characters from the set [a-zA-Z0-9], and is useful for generating rather good, but unmemorable, Unix passwords.

% devrandom -p -v
devrandom: characters=8  modulus=62  offset=0  entropy=47.6 bits

The -v option here shows that, at around 48 bits of entropy (628=247.6), this is as reasonable a password as you can expect from just 8 characters.

Other options allow you to produce output as S/Key english words, as numbers convenient for generating diceware passphrases (yes, I know this is rather missing the point), as hex digits, and for outputting a given amount of entropy.

There is a man page

Release notes

Version 0.7, 2007 November 8
Add OpenBSD's /dev/srandom to the list of random devices tried.
Version 0.6, 2005 December 7
Added -0 option, which suppresses the trailing newline in the output string. There are some circumstances where this is helpful to scripts reading the output. Slight formatting changes: The `diceware numbers' output (with option -d) was the only output which wasn't on a single line; it's on a single line now, and other formats are more careful about avoiding trailing whitespace.
Version 0.5, 2005 November 28
Added -D option, to emit diceware-style passphrases. Assorted documentation tidyups; various code-hygiene modifications, assertions, and so on.
Version 0.4.1, 2005 May 9
Fix buglet: option -P was supported but still not recognised as legal.
Version 0.4, 2005 February 25
Add -d and -s options, to support outputting numbers suitable for diceware, and characters from a given string.

Download and installation

Download and unpack the distribution tarball.

To configure, build and install, just use:

% ./configure
% make
% make install

That will install the software into /usr/local. If you want it to go somewhere else, then (as usual with ./configure), specify the alternative location as the argument to configure's --prefix option. See ./configure --help for more details.

If you don't have a /dev/random or /dev/urandom, but do have another device from which random bytes can be read, the specify that at configuration time by giving a value for the DEVRANDOM environment variable:

% env DEVRANDOM=/my/random/device ./configure

This software is copyright 2003-2005, Norman Gray. It is free software, released under the terms of the GNU General Public Licence.

2007 November 8