Home Security Different Ways To Generate A Strong Password In Linux

Different Ways To Generate A Strong Password In Linux

By sk
Published: Last Updated on 63.2K views

A while ago we have covered how to force users to use a strong password in DEB based systems such as Debian, Ubuntu, Linux Mint, Elementary OS etc. You might wonder how a strong password looks like, and how could we create one? No worries! Here are a few different ways to generate a strong password in Linux. Of course, there are many free tools and ways to accomplish this task, however I consider these methods are simple, and straightforward.

Generate A Strong Password In Linux

There could be many ways. As of now, I am aware of the following methods. I will update this list when I came across any new methods. Let us get started.

Method 1 - Using OpenSSL

OpenSSL comes preinstalled in most Linux distributions.

To generate a random password with OpenSSL, run the following command in the Terminal:

$ openssl rand -base64 14

Here, '-base64' string will make sure the password can be typed on a keyboard.

Sample output:

B3ch3m3e35LcCiRQiqI=
Generate a strong password in Linux using OpenSSL
Generate a strong password in Linux using OpenSSL

The above command will generate a 14 byte random value encoded with base64. You can count the number of characters in the above random value by decoding it using command:

$ echo "B3ch3m3e35LcCiRQiqI=" | base64 -d | wc -c
14

As you can see, we have generated a random and strong password with 14 characters long. The -d and -c flags in the above command refers "decode" and "byte count" respectively.

To generate generate a 16 byte (128 bit) random value, the command would be:

$ openssl rand -base64 16

For more details, refer the man pages.

$ man openssl
$ man base64
$ man wc

Method 2 - Using Pwgen

pwgen is simple, yet useful command line utility to generate a random and strong password in seconds. It designs secure passwords that can be easily memorized by humans. It is available in the most Unix-like operating systems.

To install pwgen in DEB based systems, run:

$ sudo apt install pwgen

In RPM based systems:

$ sudo yum install pwgen

In Arch based systems:

$ sudo pacman -S pwgen

Once pwgen installed, generate a random and strong password with length of 14 letters using command:

$ pwgen 14 1

Sample output:

ahshaisaeco5Lo

The above command will generate only one password with length of 14 characters. To generate 2 different passwords with length of 14 characters, run:

$ pwgen 14 2

Sample output:

Ho8phaedohxoo3 em1HaefohYi8gu
Generate a strong password in Linux using pwgen
Generate password pwgen

To generate 100 different passwords (Not necessary though) with length of 14 characters, run:

$ pwgen 14
Generate 100 random strings with 14 characters long using pwgen
Generate 100 random strings with 14 characters long using pwgen

To include at least 1 number in the password run:

$ pwgen 14 1 -n 1

Sample output:

xoiFush3ceiPhe

There are also some useful options available to use with pwgen command.

 -c or --capitalize (Include at least one capital letter in the password)

 -A or --no-capitalize (Don't include capital letters in the password)

 -n or --numerals (Include at least one number in the password)

 -0 or --no-numerals (Don't include numbers in the password)

 -y or --symbols (Include at least one special symbol in the password)

 -s or --secure (Generate completely random passwords)

 -B or --ambiguous (Don't include ambiguous characters in the password)
 -h or --help (Print a help message)

 -H or --sha1=path/to/file[#seed] (Use sha1 hash of given file as a (not so) random generator)
 -C (Print the generated passwords in columns)

 -1 (Don't print the generated passwords in columns)

 -v or --no-vowels (Do not use any vowels so as to avoid accidental nasty words)

For more details, check the man pages.

$ man pwgen

Method 3 - Using GPG

GPG (GnuPG or GNU Privacy Guard), is free command-line program and replacement of Symantec's PGP cryptographic software.

To generate a random and strong password with length of 14 characters using GPG, run the following command from the Terminal:

$ gpg --gen-random --armor 1 14

This command will generate a secure, random, strong and base64 encoded password.

TXn6cIqYg2SNYTrG5UE=
Generate a strong password in Linux using gpg
Generate random password using gpg in Linux

For more details, refer man pages.

$ man gpg

Method 4 - Using Apg

Apg (stands for Automatic Password Generator) is a command line utility for generating strong random passwords. A good thing is Apg will generate "pronounceable" passwords. They are referred to as "pronounceable" because the passwords may actually be pronounced like regular words.

To install Apg on CentOS / RHEL, enable [EPEL] repository:

$ sudo yum install epel-repository

And the install it using command:

$ sudo yum install apg

On Debian:

$ sudo apt install apg

To install Apg on Ubuntu, enable [universe] repository:

$ sudo add-apt repository universe

And then install it using command:

$ sudo apt install apg

On Fedora:

$ sudo dnf install apg

Once installed, run Apg command to generate strong and random passwords:

$ apg

Sample output:

Vet?gradeybof4 (Vet-QUESTION_MARK-grad-eyb-of-FOUR)
Rod^4frukbodIg (Rod-CIRCUMFLEX-FOUR-fruk-bod-Ig)
yars5Drephyak^ (yars-FIVE-Dreph-yak-CIRCUMFLEX)
cinFiuv1slej# (cin-Fi-uv-ONE-slej-CROSSHATCH)
jong4OnsapIj` (jong-FOUR-Ons-ap-Ij-GRAVE)
joinshot"Om1 (joinsh-ot-QUOTATION_MARK-Om-ONE)
Generate strong passwords using apg in Linux
Generate passwords using apg in Linux

As you can see in the above output, Apg generates 6 passwords. As I mentioned earlier, all generated passwords are pronounceable like a regular words and the pronunciation of each password is given in the brackets.

If you want to generate random character passwords instead of pronounceable passwords, use "-a 1" option like below.

$ apg -a 1
L|yGwk3K$o
OYMfkagZ
DJcMO~[~X"
ZEp!8T9H
)6H"nn)^\S
^RttEXJ4

More details can be found in its man pages.

$ man apg

Method 5 - Using xkcdpass

Xkcdpass is a flexible and scriptable password generator which generates strong passphrases. It is inspired
by XKCD 936.

Xkcdpass is available in the default repositories of some Linux distributions.

To install Xkcdpass on Arch Linux and its variants, run:

$ sudo pacman -S xkcdpass

On Debian, Ubuntu:

$ sudo apt install xkcdpass

Once installed, run xkcdpass to generate a random passphrases.

$ xkcdpass

This command generates one command with default options.

Sample output:

voting kilogram prize pegboard agency washboard
Generate strong passwords using xkcdpass
Generate random passwords with xkcdpass

By default, it will generate 6 passphrases. You can use -n option to create any number of passphrases. The following command will display 10 random passphrases.

$ xkcdpass -n 10

For further details, go through xkcdpass man pages.

$ man xkcdpass

Method 6 - Using Urandom

This yet another way to generate a random passphrases in Linux. We can use the /dev/urandom is a special file that serve as pseudorandom number generator in Unix-like operating systems. We can use this file to generate a random strings and use it as a password.

$ cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 14 | head -n 1
1Q1Qazvlo53TZE

Here we use tr command to delete unwanted characters and print the 14 random characters.

You can also use the following command if you prefer a bit shorter version.

$ cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c14; echo
CjWljBnIEQWyXX
Generate strong passwords using urandom in Linux
Generate passwords with urandom in Linux

Man pages will give more information about /dev/urandom/ file.

$ man urandom

Method 7 - Using Makepasswd

Makepasswd is a command line utility to generate and encrypt plaintext passwords in Unix-like systems. It generates true random passwords using /dev/urandom which we discussed in the previous section.

Install Makepasswd on Ubuntu using commands:

$ sudo add-apt repository universe

And then install it using command:

$ sudo apt install makepasswd

On Fedora:

$ sudo dnf install makepasswd

Once installed, create some random password using command:

$ makepasswd 
ewTDEXEKg

By default, it generates one password. If you want to more one, for example 5, use:

$ makepasswd --count 5
SDrasuhmA4
iC6RoTnw0
zHj7onjDIs
SdEYhoN8YW
nnXRVQy4T
Generate strong passwords using makepasswd
Generate passwords with makepasswd

To generate passwords with exactly N characters, for example 14, do:

$ makepasswd --chars 14
g35pSyAh1C7IA0

Generate passwords with at most N characters (E.g. 20):

$ makepasswd --maxchars 20
vsImrR4U9vjXNP6Crmg

Generate passwords with at least N characters (E.g. 5):

$ makepasswd --minchars 5
67CcQDQcq

You can, of course, combine these options and produce the result as you wish.

$ makepasswd --count 5 --minchars 5
WRsho
sYVXJ
PjCTDriStD
XcAx0
3GLmv4I

The above command will generate 5 passwords, each with at least 5 characters.

For more details, look into the man pages.

$ man makepasswd

Method 8 - Using a Perl script

Perl is available in the most Linux distribution's default repositories. Install it using the default package manager like below.

For example, to install on Arch based systems:

$ sudo pacman -S perl

On DEB based systems run:

$ sudo apt install perl

On RPM based systems, run:

$ sudo yum install perl

Once Perl installed, create a file:

$ vi password.pl

Add the following contents in it.

#!/usr/bin/perl

my @alphanumeric = ('a'..'z', 'A'..'Z', 0..9);
my $randpassword = join '', map $alphanumeric[rand @alphanumeric], 0..8;
print "$randpassword\n"

Save and close the file.

Now, go to the location where you saved the file, and run the following command:

$ perl password.pl

Replace password.pl with your own filename.

Sample output:

pGkLC2Shz
Generate strong passwords using perl script in Linux
Generate passwords using perl script in Linux

Note: I couldn't find the original author of this script. If anyone know the author's name, please let me know in the comment section below. I will add the author name in this guide.

Please note that you must either memorize or keep the passwords you have generated in a safe place. If you find it difficult to remember passwords, use a password manager. Here are few password managers to try.

Conclusion

The thing is you can easily generate a strong password in Linux, but it is quite difficult to remember them. In that case, I recommend you to use any good Password managers. Even better, just memorize the password and delete it from your system. It is much better just in case your system is compromised.

You May Also Like

14 comments

Jim October 4, 2019 - 4:20 pm

I have no trouble generating strong passwords, I do have trouble remembering them!

Reply
Me December 18, 2019 - 5:27 pm

tr -dc ‘[:graph:]’ < /dev/random | head -c 16

Reply
Thomas Stone June 6, 2021 - 5:13 pm

pwgen suffers from modulo bias. The pw_random_number function needs to be re-written to fix it.

The command I use to generate strong passwords is

head -c 256 /dev/urandom |openssl sha512 -binary | base64 | tr -dc A-Za-z0-9 | cut -b1-n

with the “n” in the cut command replaced with the password length, eg cut -b1-43.

I then store the generated password in a password manager whether Bruce Schneier’s passwordsafe or a commercial product such as 1Password.

There is a general rule in cryptography that regardless your entropy source, hash it. That is why the output of /dev/urandom is fed to the openssl sha512 utility.

Reply
sk June 6, 2021 - 6:41 pm

“There is a general rule in cryptography that regardless your entropy source, hash it.”

I didn’t know it. Thanks for your input.

Reply
1 2

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More