This is a total side-topic question, but I've always been unsure about this usage of openssl to generate passwords:<p><pre><code> // generate this with: openssl passwd -1 "plaintextpassword"
</code></pre>
I'm assuming that there is an implicit presumption that the person executing this snippet will replace the string literal with their own plain text password, but I suspect a lot of new users will simply run that command. Because this is being used as a user password, which will then be hashed again by the OS, is there any security concern here? I'm just not knowledgable enough to know for sure, but it seems like the kind of thing that warrants questioning.<p>I tend to use `openssl rand` to generate passwords so that I avoid having to create any input myself.<p><pre><code> openssl rand -base64 24
</code></pre>
If I need some password length that results in '=' padding, I just use cut:<p><pre><code> openssl rand -base64 41 | cut -c1-41
</code></pre>
I've seen this suggested in a lot of places, but likewise, I lack the required knowledge to say if this is any better.