Linux Commands

Generate a Random Password on Linux

Passwords are everywhere, whether it is online form filling, signing up for a service, securing documents, locking PCs, etc. Creating a secure and strong password is vital for securing our online assets. As such, IT experts should know best practices and tools related to generating strong passwords. Intruders and hackers use many sophisticated methods to hack a user’s account, bypass security mechanisms, enter an unauthorized section of a website, etc. As a security measure, every good security administrator always advises users to have a strong password that should be changed from time to time. This ensures a strong protection wall against intruders.

As per the policy of most security administrators, a strong password should have:

  1. minimum 8 characters
  2. Random Mixture of lowercase and uppercase letters, numbers, and special characters.

The more random a password is, the stronger it will be.

What will we cover?

In this guide, we will see how to generate random passwords on Linux.

Generating a Random Password with ‘urandom’

‘/dev/urandom’ is a character device like ‘/dev/random’, both use a random-number entropy pool of the kernel for providing random numbers. To use ‘urandom’ for reading a random password, see the below command:

$ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 13 ; echo ‘ ‘

Here the ‘tr’ command is used for deleting specific characters. The output is 13 characters long. You can use the man pages to get more information about it.

Generating a Random Password with ‘gpg’

GNU Privacy Guard or GPG or GnuPG tool is used for encrypting and decrypting files. It can be installed as a command-line tool. To use gpg for creating a random password that is 14 characters long, use:

gpg --gen-random --armor 1 14

‘–armor’ option is used to specify base64 encoded output.

Generating a Random Password with ‘pwgen’

‘pwgen’ is software for generating random passwords. It has provision for generating human memorable and pronounceable as well as secure passwords. The output of the command can be print on a terminal or piped to a program. To install ‘pwgen’ on Ubuntu 20.04, use the command:

$ sudo apt install  pwgen

To create a simply memorable random password, use pwgen alone as:

$ pwgen

The above command will generate a table of random passwords:

To create strong and strict random passwords which are not easy to remember, use the ‘-s’ option:

$ pwgen -s

To create a single password at a time, use ‘-1’ option as:

$ pwgen -1

To list various usage of pwgen, use the help command:

$ pwgen -h

Here is the list of some ‘pwgen’ options and their meaning:

  1.  -n or –numerals: For adding at least one numeral in the password.
  2.  -0 or –no-numerals: For excluding numerals in the password.
  3.  -s or –secure: To make completely random passwords.
  4.  -H or –sha1=/path/to/the/file[#seed]: For generating a password, it uses the SHA1’s hash value of a file.

See the man page of ‘pwgen’ for various options for generating random passwords.

Generating a Random Password with ‘apg’

‘apg’ or Automated Password Generator is another tool for generating random passwords on Linux. It provides a strong password consisting of uppercase and lowercase and numeric characters. The default output is to produce pronounceable passwords. To install ‘apg’ on Ubuntu, use:

$ sudo apt install apg

To generate four passwords of 13 characters length, use the command:

$ apg -s -a 1 -m 13 -n 4

Here it will ask you to enter some random data:

‘-a’ option removes the pronunciation of the password, ‘1’ is used for invoking random mode.

Here is the list of some ‘apg’ command line arguments and their meaning:

  1. -E char_string: To remove characters from the process of generating passwords.
  2. -a algorithm: Select an algorithm for generating password:
    1 – Use this to generate random password as per the password modes
    0 – Use this to generate pronounceable passwords.
  3. -n num_of_pass: To specify the number of passwords you want to generate.
  4. -t: This will print the pronunciation of the pronounceable password.

More information is available at man pages for apg.

Generating a Random Password with ‘OpenSSL’

To generate a pseudo-random password, we can use the OpenSSL rand command:

$  openssl rand -base64 9

-base64 option is used for encoding the output.

Generating a Random Password with ‘NewPass’

NewPass is another random password generator. It is a Python script that uses the ‘Secrets’ module of Python. To install Newpass on Ubuntu, use the command:

$ sudo snap install newpass

To print a random password, use:

$ newpass

Parameters used with ‘newpass’ are:

  1.  -h or –help:    To see various usage and options of newpass.
  2.  -s or  –symbol:  Use all symbols in generating the password.
  3.  -l or –limit:  Symbols used are limited to [email protected]#$%&*
  4.  ‘length’: Specify the length of the password; the default is 23.

Conclusion

In this guide, we have learned about some of the methods for generating random passwords on Linux. Passwords are very important; they are basically the first milestone for any hacker to hack into your account. Although merely having a strong password is not enough for assuming a complete solution. With the advancement in computational technologies, the power of brute-forcing has also risen. One should also consider other dimensions of security along with a strong password, for example, adding a two-factor authentication feature.

About the author

Ali Imran Nagori

Ali imran is a technical writer and Linux enthusiast who loves to write about Linux system administration and related technologies. You can connect with him on LinkedIn
.