Passwords are an important part of not just Linux security but also the most popular way to protect our digital lives.
A strong password should be at least 8 characters long and contain a mix of uppercase and lowercase letters, numbers, and special characters.
Creating a non-guessable password is often trickier than not. It can be difficult to come up with a strong password that is also easy to remember, which is why it is often helpful to generate a random password.
In this article, we will show you how to generate a random password in Linux using the command line.
Generating a Random Password with ‘urandom’
The urandom command is used to generate a random password with the help of the /dev/urandom device. The /dev/urandom device uses an entropy pool to generate random numbers.
The entropy pool is constantly replenished with new entropy from various sources like keyboard timing jitter, mouse movement, and other system events.
The /dev/urandom device never blocks and can be used for generating long-term keys as well as one-time passwords.
The -N flag is used to specify the number of bytes to be read from the /dev/urandom device. For example, to generate a 16-byte random password, we can use the following command:
$ head -c 16 /dev/urandom | base64
This command will read 16 bytes from the /dev/urandom device and then encode them using base64 encoding.
Generating a Random Password with ‘pwgen’
pwgen is a command line program that generates random passwords. It can be used to generate passwords for use in scripts or for generating secure passwords for accounts. The pwgen command has a number of options that can be used to control the password generation process.
pwgen command is not installed by default.
we get started by installing pwgen command using
sudo apt install pwgen
Various arguments of pwgen
- The -s flag tells pwgen to use a secure random number generator to generate the passwords.
- The -c flag tells pwgen to use capital letters in the generated password.
- The -n flag tells pwgen to use numbers in the generated password.
- Finally, the -y flag tells pwgen to include special characters in the generated password.
Here is an example of how to generate 10-character long passwords that include capital letters, numbers, and special characters:
pwgen -s 10 -c -n -y
Generating a Random Password with ‘makepasswd’
The makepasswd command can be used to generate a random password in a Linux shell. However, this command does not come pre-installed with the linux terminal. we can install it using the following command
sudo apt install makepasswd
The makepasswd command has several arguments that can be used to generate passwords.
--chars=NUM– Specifies the number of characters in the generated password. The default is 8.--count=NUM– Specifies the number of passwords to generate. The default is 1.--crypt– Causes the generated passwords to be encrypted using the standard Unix crypt() function.--md5– Causes the generated passwords to be encrypted using the MD5 algorithm.--rand-bytes=NUM– Specifies the number of random bytes to use when generating passwords. The default is 8.--seed=SEED– Sets the seed for the random number generator. This can be used to generate the same password multiple times.--sha1– Causes the generated passwords to be encrypted using the SHA1 algorithm.-s– Used to enable strict character set restrictions
For example, the following command will generate a random password of 12 characters:
makepasswd --chars=20
To generate a list of 10 random passwords, each 12 characters long, you would use the following command:
makepasswd --chars=12 --count=20
Generating a Random Password with ‘openssl’
The ‘openssl’ command is a tool for managing cryptographic keys and certificates. It can be used to generate random passwords.
The ‘-rand’ flag can be used to generate a random password. The ‘-base64’ flag can be used to encode the password in base64.
For example, to generate a random password of 16 characters, you can use the following command:
openssl rand -base64 16
Generating a Random Password with ‘tr’ and ‘/dev/urandom’
The ‘tr’ command is used for translating or deleting characters. The ‘/dev/urandom’ is a source of random data.
To generate a random password, we can use the following command:
tr -dc A-Za-z0-9 < /dev/urandom | head -c 16
This will translate all characters from the ‘/dev/urandom’ source except for A-Z, a-z, and 0-9. The ‘head’ command will then take the first 16 characters of the output.
An example output might be: “XK4c7BMZN4G6zgW7”
Generating a Random Password with the dd Command
The dd command is a powerful tool for copying and converting data. It can be used to copy entire disks or partitions, convert between different disk formats, and more.
There are many options available for the dd command, but some of the most commonly used ones are listed below:
- if=filename: Specifies the input file. This is usually a device file such as /dev/sda.
- of=filename: Specifies the output file. This is usually a device file such as /dev/sdb.
- bs=n: Sets the block size to n bytes. The default value is 512 bytes.
- count=n: Copies only n blocks from the input before stopping.
- seek=n: Seeks to position n in the output before starting to write any data.
- conv={notrunc|noerror|sync}[+]… : Specifies how to handle errors and end-of-file conditions. The most common options are “notrunc” (do not truncate the output file if it is longer than the input), “noerror” (continue copying even if there are read or write errors), and “sync” (pad blocks with zeroes so that reads return a multiple of the block size).
dd command can also be used for generating random passwords
To generate a random password with the dd command, you would use the following flags:
-N, –bytes=BYTES -C, –count=COUNT -W, –wait
$ dd if=/dev/urandom count=200 bs=1 2>/dev/null | tr -cd "[:graph:]" | cut -c-18
The above command uses the dd command to generate random data. The if option specifies the input file, which in this case is /dev/urandom.
The count option specifies the number of blocks to be read, and the bs option specifies the block size.
The data is then piped through the tr command, which only outputs characters that are considered “graphical” according to the POSIX standard. Finally, the cut command is used to only output the first 18 characters.
Generating a Random Password with the mkpasswd Command
The mkpasswd command can be used to generate a random password. However, the length cannot be controlled using this command. That can be changed using other commands.
mkpasswd command is a part of the whois package. In order to use the mkpasswd command you will have to isntall the whois package first like the following:
mkpasswd requires salt or seed to be added so that it generates a password using it.
So the <salt> part is where we enter our custom seed word.
The command to generate a password is
mkpasswd -5 <seed word>
Generating a Random Password with the ‘gpg’ Command
‘gpg’ or GNU Privacy Guard is another tool for generating random passwords on Linux. It provides a strong password consisting of uppercase and lowercase characters, numbers, and symbols. To install ‘gpg’ on Ubuntu, use:
$ sudo apt install gpg
Here is the list of some ‘gpg’ command line arguments and their meaning:
- -c: This encrypts the password using a symmetric cipher so that it can be decrypted later.
- -d: Use this option to decrypt an encrypted file.
- –gen-key: Use this to generate new public and private keys.
- –list-keys: Use this to list all the available keys.
The gpg command can be used to generate a random password with the –gen-random flag. This flag takes an integer argument that specifies the number of bytes of entropy to use.
For example, to generate a 16-character password using 96 bits of entropy, you would run:
gpg –gen-random 2 96
Now we will use the –armor argument to make the illegible code to ASCII format or base64 format.
Generating a Random Password with ‘apg’
‘apg’, or Automatic Password Generator is yet another utility for generating random passwords on Linux. It provides a strong password consisting of uppercase and lowercase characters, numbers, and symbols. To install ‘apg’ on Ubuntu use:
$ sudo apt-get install apg
To generate two pronounceable passwords each of eight characters in length use the command:
$ apg -a 0 -m 8 -n 2
$ apg -a 1 -m 8 -n 2
-a, –ambiguous – This option will allow you to use ambiguous characters in your generated passwords. Ambiguous characters are those that could potentially be confused for one another when typed, such as 1 and l (one and lowercase L). Using this option will increase the strength of your passwords by making them more difficult to guess.
–m, –minlen=NUMBER – This option allows you to specify the minimum length for your generated passwords. The default value is 8 characters, but you may want to increase this if security is a concern. Stronger passwords tend to be longer, so using a higher number here will result in stronger passwords overall. Just be sure not to leave out any important details like punctuation or numbers!
-M, –maxlen=NUMBER – This option allows you to specify the maximum length for your generated passwords. The default value is 8 characters, but you can increase this if desired. Keep in mind that longer passwords will be more difficult to remember, so only use a setting that you’re comfortable with.
-n, –numpass=NUMBER – This option lets you generate multiple passwords at once. By default, apg will only generate one password per invocation. If security is a concern and you want to have multiple strong backups, consider using this option to create several different passwords instead of just one.
Summary
There are many ways to generate a random password in Linux using the command line. Each method has its own advantages and disadvantages. The most important thing to remember when generating a password is to use a strong password that is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and special characters.