- Command line tool to generate memorable passwords?
- 8 Answers 8
- 8 Ways to Generate a Random Password on Linux Shell
- Generation of a password with OpenSSL
- Generation of a password using urandom
- Generation of a password using pwgen
- Generation of a password using gpg
- Generation of a password using SHA
- Generation of a password via an easy way
- Generation of a password using apg
- Generation of a password using makepasswd
- Conclusion
Command line tool to generate memorable passwords?
I’m looking for a tool, command line or GUI, for Linux that generates memorable passwords. An equivalent of what I am looking for would be passwords that the Mac OS X keychain can generate, something like apples12$/fourteen . Something strong, but easily memorized by a user.
8 Answers 8
I’ve since moved on to XCKD style passphrases for most of my passwords. Here is a 1 liner from commandlinefu to generate a passphrase:
shuf -n4 /usr/share/dict/words | tr -d '\n' actually, there is an issue with this one-liner: it may use words like «the», «them», «their» and «moat», «iris», «he». Do you see the problem? There’s an overlap between prefixes and suffixes, which reduces the actual entropy of the generated password and can lead to pretty weak passwords if the strings are not long enough (especially with 4 words). This is why word-based password generators use crafted word lists. Granted, passwords generated with the above are pretty good: 14 chars minimum in my tests, with a median size of 34. But their entropy is not reliable.
What is the the issue with having overlapping prefixes / suffixes? I can understand your point about length, but you’ll need to explain the other point.
let’s simplify to the extreme. you have a dictionnary made out of three words: the , me and theme . normally, you would expect you’d have the entropy equally from those three words, but in this case, you can’t count theme because it is a combination of the other two words. in effect, theme actually adds zero entropy to the password.
But isn’t «the me» distinct from «theme»? I get that possible letters add entropy but this approach is more about the size of passwords. I don’t get how «the me theme» would be easier to guess then a sequence with no overlapping characters like «do ray music»
I would recommend people stop using pwgen — its main interested was generating «human-rememberable passwords», but it showed multiple vulnerabilities in doing exactly that. And using it to generate completely random strings isn’t that useful either.
I wrote a detailed article on that very topic, but basically, the gist of it is to use the diceware program (or, if you like dice, the actual diceware system) or xkcdpass. To generate strong memorable passwords, I generally use diceware with the following configuration file:
[diceware] caps = off delimiter = "-" wordlist = en_eff $ diceware turkey-eligibly-underwire-recite-lifter-wasp $ diceware lend-rubdown-cornflake-tint-shawl-ozone $ diceware syndrome-ramp-cresting-resolved-flinch-veneering $ diceware alto-badass-eclipse-surplus-rudder-quit I turn off caps and spaces because they generate distinct audible noises that could be leveraged by an attacker. The — delimiter is a lesser evil: it would be better to not use any separator and the en_eff wordlist is especially crafted for that purpose. But I find it easier to communicate and share passwords when they have some separator.
To generate a completely random password, I use the following shell function:
# secure password generator or, as dkg puts it: # high-entropy compact printable/transferable string generator # a password generator would be pwqgen or diceware pwg() < ENTROPY=$# in bytes # strip possible newlines if output is wrapped and trailing = signs as they add nothing to the password's entropy head -c $ENTROPY /dev/random | base64 | tr -d '\n=' echo > I mention this because I believe it is important to memorize less passwords and instead rely on a password manager to store large strings that are hard to guess. More details about the rationale behind those choices is explained in the aforementioned article and my password managers review.
2020: I posted this answer in 2011. In the years that have passed, the face of cyber security and the demands to it have changed rapidly and enormously. As has been pointed out by anarcat, pwgen may not (or no longer) be suitable for securing high-security systems. He sets out to describe the technical details on how pwgen can, in some circumstances, use insecure methods of password derivation from available entropy in his article. Although I no longer believe in generating passwords to then try and remember them myself, I do not have the technical aptitude to validate, let alone vouch for the contents of the article as quoted so please read it and draw your own conclusions. Having said that, I am convinced that pwgen will suffice for low-security systems where attack is very unlikely.
You might want to check out the pwgen application. I know it to be available in the Ubuntu, Fedora, Debian and Suse repositories.
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely completely random passwords. In particular, passwords generated by pwgen without the -s option should not be used in places where the password could be attacked via an off-line brute-force attack. On the other hand, completely randomly generated passwords have a tendency to be written down, and are subject to being compromised in that fashion.
The pwgen program is designed to be used both interactively, and in shell scripts. Hence, its default behavior differs depending on whether the standard output is a tty device or a pipe to another program. Used interactively, pwgen will display a screenful of passwords, allowing the user to pick a single password, and then quickly erase the screen. This prevents someone from being able to «shoulder surf» the user’s chosen password.
8 Ways to Generate a Random Password on Linux Shell
A strong password is very important when you authenticate to a service with a username and password. Sometimes you need to protect your account or server and try to keep your data safe. It is often said that a strong password must have at least 14 characters, with variations such as lower and upper case letters and alphabets. Most of the time, a long password is considered much more secure than a short one because it is hard to get. In this tutorial, we will learn many ways to create a secure password using the Linux command line. We will look at many different ways you can create a stronger and more secure password using the Linux command line. If you want to create a strong password using the command line, there are several methods and utilities available to you. We will discuss many of these methods and you can choose one of the methods to create a password depending on your needs.
Generation of a password with OpenSSL
Several methods, exist in Linux to create and generate the passwords for the Linux command line. The first one we are trying is by using OpenSSL. Following are the steps that need to be followed for this purpose.
Step 1: First of all, open Terminal by clicking on the Ubuntu launcher and searching for Terminal.
Step 2: Now click on the Terminal and wait for the terminal to open.
Step 3: Once the terminal is opened, you will have a screen like this:
The command that is used to generate a stronger password includes the OpenSSL rand function. This will help us generate 14 random characters in a string. The command is:
The outcome will be a strong password of 14 characters as shown below.
Generation of a password using urandom
The second command which we are using to generate a password has filtered /dev/urandom output with tr. This will allow us to delete all of the unwanted characters and then help us to print the first 14 characters only.
The output of the above command is as follows:
The output has allowed us to print the first 14 characters only by deleting all of the unwanted ones.
Generation of a password using pwgen
For using pwgen we need to install this tool first. This tool will help us generate some random yet meaningless passwords. Although the passwords generated by it are random still are pronounceable. So, we will now install the tool using the following command.
Enter the credentials as asked
The installation will eventually begin. The command line will look just like the screen below.
Once the installation has been done, we will generate a random string having 14 characters in it.
The string we got randomly is this one.
Generation of a password using gpg
Gpg can also be used to generate a strong password of 14 characters. The gpg tool uses the following command to generate the 14 characters.
The outcome of this command is
And in the end, we have a password generated which is.
Generation of a password using SHA
We will use SHA in this method, we can also hash the date. It runs through the base64. As a result, we get an output as the top of the 32 characters.
Here is the outcome containing the 32 characters yet a strong password to keep the system safe.
Generation of a password via an easy way
The generation of a password is quite easy using the command line. Although it is not random still it is useful if we utilize the whole password. The easiest command for this purpose is as follows:
The outcome of the above command is a string as shown below.
And this command is very easy, and simple enough to remember.
Generation of a password using apg
APG is an Automatic Password Generator, it is already installed on all Ubuntu systems. It is also an easily used utility. It helps us generate various passwords that are random input.
In order to generate entire random passwords, we can run apg -a 1, which will give us the passwords with 8-10 random characters. The command we used for this purpose is apg –a 1. We will run and see various passwords generated in the output.
The output has many random passwords.
Generation of a password using makepasswd
“makepasswd” can also be used to generate passwords. For using this utility, we install it at first. We will use the command sudo apt-get install makepasswd.
Enter the required credentials.
On writing the credentials, the installation will begin.
Once the utility has been installed, we will write the command which is makepasswd –count NumberOfPasswords –minchars MinLengthOfPassword.
At first, we tell how many passwords we are aiming to generate and what must be the length of each of the password. Here we have asked to generate 4 passwords with length as eight for each of it.
The outcome is shown below. We have a total of 4 passwords with 8 characters in each of them.
The command is responsible for generating a list of random passwords based on the number of passwords we want to generate and the length is also defined by us.
Conclusion
In this tutorial, we have discussed many ways to generate passwords from the Linux command line. There are many methods that already exist. Some of the utilities are already present in the Linux command line, while the others are easy to install with the available commands. In this tutorial, we have discussed the utilities openssh, urandom, pwegn, gpg, sha, date, apg and makepasswd. All of these commands guarantee the generation of a stronger password from the Linux command line and are useful for users to ensure the security of their systems.