The examples below show several available ways to obtain a password with a predefined number of positions and plausible randomness.
General Purpose Passwords
Standard bash password/OTP set generator
pwgen generates a batch of pseudo-random strings of ${1} positions each, in a batch of ${2} generations
pwgen # Default
pwgen 10 2 # Patch of 2 generations, 10 symbols each
Artificial Hash-based
This approach has controlled randomness but could be vulnerable to the collision driver exploits, depending of the implementation of selected hash generator.
NSYM=10
date | md5sum | head -c ${NSYM} ; echo # MD5
date +%s | sha256sum | base64 | head -c ${NSYM} ; echo # SHA256 / base64
date +%s | sha512sum | base58 | head -c ${NSYM} ; echo # SHA512 / base58
/dev/urandom, /dev/random
# NSYM in range statement requires `eval` to parametrize, not recommended as vulnerable
NSYM=20
strings /dev/random | tr -dc _A-Z-a-z-0-9 | head -c${1:-20} | tr -d '\n'; echo
strings /dev/urandom | grep -o '[[:alnum:]]' | head -n ${NSYM} | tr -d '\n'; echo
OpenSSL
NSYM=20
openssl rand $((${NSYM} + 4)) | base64 | tr -d '\n,='; echo # Manual hash, any length
openssl rand -base64 ${NSYM} | tr -d '\n,='; echo # Automatic hash, requires trimming
Passwords for Services / Servers
dovecot Default Authorization Engine
export NSYM=64 ; STR_PSW=$(strings /dev/urandom | grep -o '[[:alnum:]]' | head -n ${NSYM} | tr -d '\n'; echo); HASH_PSW=$(doveadm pw -s SHA512-CRYPT -p "${STR_PSW}") ; echo -e "Dovecot password strings:\n\tPassword:\t${STR_PSW}\n\tRecord:\t\t${HASH_PSW}" ; unset NSYM