Generating Strong Passwords at the Linux Command Line

There are a number of tools that will allow you to generate secure passwords including urandom, OpenSSL, GPG and pwgen. I will briefly demo these below.

OpenSSL

The below generates a random string of 14 characters in length.

[andy@home-pc ~]$ openssl rand -base64 14
xX/vQNNNS+FY6ZZp4Fk=

uRandom

To generate a random string of 20 characters.

[andy@home-pc ~]$ < /dev/urandom tr -dc A-Za-z0-9 | head -c20; echo
jOu2ug8Ea0Jv2sgr8qbu

pwgen

This is one of the most interesting password generators and it ships with a lot of useful options. The only downside is that it is not installed by default on most systems.

Installation

To install it on an Arch based system:

[andy@home-pc ~]$ sudo pacman -Sy pwgen

To install it on RedHat/CentOS, you’ll first need to install/enable the EPEL repository:

[andy@home-pc ~]$ sudo yum install epel-release
[andy@home-pc ~]$ sudo yum install pwgen

Usage

The below can be used to generate one password of length 20:

[andy@home-pc ~]$ pwgen 20 1
ieKuoyoo2asa9eeleesh

The below generates one password of length 20 with some additional options:

[andy@home-pc ~]$ pwgen 20 1 --ambiguous --numerals --symbols --capitalize
aeboos7aequ}eiHig3ma

The options above provide the following:

Options Description
-A, –no-capitalize Don’t include any capital letters.
-B, –ambiguous Don’t use potentially confusing characters like ‘l’ or ‘1’ and ‘O’ and ‘0’.
-n, –numerals Include at least one number in generated password.
-v, –no-vowels Don’t use vowels. Less secure but won’t accidentally include offensive words.
-c, –capitalize Include at least one capital letter.
-y, –symbols Include at least one special character.
-s, –secure Completely random but hard to remember.  Good for machine passwords.

The below is good option for generating user passwords:

[andy@home-pc ~]$ pwgen 20 1 --secure --ambiguous
wP4vggToXzPoPNKahHXC

GPG

You can also use gpg to generate a password. The below generates on of length 20:

[andy@home-pc ~]$ gpg --gen-random --armor 1 20
XlFQalR5jGkC0RRTSpvCHBoMGdc=

Be the first to comment

Leave a Reply