If you generate 19 bytes or RAND output, it will never exceed 20 bytes encoded. OpenSSL will be generating 159 bits of RAND output, so that it will never exceed 20 bytes encoded. The command-line RAND program is bytes, the C API is bits. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users