Hi everyone,
I created this script for generating random passwords for my guest wi-fi. I based seeding of ether1 rx byte count (easily expandable for anyone who needs larger seed value) and password is extracted as a part of private key of certificate that is created for this purpose and later deleted. I belive it gives sufficient level of randomness and complexity. Downside is that execution writes about 100 sectors to flash memory while using 1024 RSA key size.I’m thinking sheduling execution every 5 days. I’m curious of your opinion feel free to pitch in.
/interface ethernet
{
:local drxByteCount [:tostr [get value-name=driver-rx-byte ether1]];
:local length [:len $drxByteCount];
:local seed;
:local currStringIndex 0;
:local template "pswd-gen-temp";
:local currChar;
:local pswdString;
:local pswdLength 15;
:local pswdStart 600; #carefull here there are empty spaces every few hundred characters and its better to take values from upper half
:local guestSecurityProfile "your security profile for guest wifi";
:for c from=0 to=($length-1) do={
:set currChar [:pick $drxByteCount $c];
:if ($currChar != " ") do={
:set seed ($seed.$currChar);
:set currStringIndex ($currStringIndex+1);
}
}
/certificate
add name=$template common-name=$seed key-size=1024 key-usage=encipher-only;
create-certificate-request template=$template key-passphrase=$seed;
:delay 5;
/file
:set $fileData [get certificate-request_key.pem contents];
:set length [:len $fileData];
:put ("debug len of fileData is ".$length);
:put $fileData;
:for c from=$pswdStart to=($pswdStart+($pswdLength-1)) do={
:set currChar [:pick $fileData $c];
:set pswdString ($pswdString.$currChar);
}
/file remove certificate-request.pem;
/file remove certificate-request_key.pem;
/certificate remove $template;
/tool e-mail
send to=youruser@your.domain subject="new password for guest wi-fi" body="$pswdString" start-tls=yes;
:delay 120;
/interface wireless security-profiles
set $guestSecurityProfile wpa2-pre-shared-key=$pswdString;
}