Apg generates several random passwords. It uses several password generation algorithms (currently two) and a built-in pseudo random number generator. Default algorithm is pronounceable password generation algorithm designed by Morrie Gasser and described in A Random Word Generator For Pronounceable Passwords National Technical Information Service (NTIS) AD-A-017676. Generate secure password in Linux with these tools Most of the password generation tool discussed here are command line tools. Don't worry, I have not forgotten readers who prefer GUI. This password generator tool runs locally on your Windows, Mac or Linux computer, as well as your iOS or Android device. The passwords you generate are never sent across the web. The best password tips from the pros. Always use a unique password for each account you create. The danger with reusing passwords is that as soon as one site has a.
- Pronounceable Password Generator Linux
- Password Generators
- Random Password Generator Linux
- Xkcd Password Generator Linux
Name
apg - generates several random passwordsSynopsis
apg [-a algorithm] [-M mode] [-E char_string] [-n num_of_pass][-m min_pass_len] [-x max_pass_len] [-rdictfile] [-bfilter_file] [-p min_substr_len] [-s] [-ccl_seed] [-d] [-y] [-l] [-t] [-k] [-q] [-h] [-v]Description
apg generates several random passwords. It uses several password generation algorithms(currently two) and a built-in pseudo random number generator.Default algorithm is pronounceable password generation algorithm designed by Morrie Gasser and described in A Random Word Generator ForPronounceable PasswordsNational Technical Information Service (NTIS) AD-A-017676. The original paper is very old and had never been putonline, so I have to use NIST implementation described in FIPS-181.
Another algorithm is simple random character generation algorithm, but it uses four user-defined symbol sets to produce random password. It means that usercan choose type of symbols that should appear in password. Symbol sets are: numeric symbol set (0,.,9) , capital letters symbol set (A,.,Z) ,small letters symbol set (a,.,z) and special symbols symbol set (#,@,!,.).
Built-in pseudo random number generator is an implementation of algorithm described in Appendix C of ANSI X9.17 or RFC1750 with exception thatit uses CAST or SHA-1 instead of Triple DES. Optimage 3 3 14. It uses local time with precision of microseconds (see gettimeofday(2)) and/dev/random (if available) to produce initial random seed.
apg also have the ability to check generated password quality using dictionary. You can use this ability if you specify command-line options-rdictfile or -bfiltername where dictfile is the dictionary file name and filtername is the name of Bloom filterfile. In that dictionary you may place words (one per line) that should not appear as generated passwords. For example: user names, common words, etc. You evencan use one of the dictionaries that come with dictionary password crackers. Bloom filter file should be created with apgbfm(1) utilityincluded in apg distribution. In future releases I plan to implement some other techniques to check passwords (like pattern check) just to make life easier.
Options
Password generation modes options
- -n num_of_pass
- generate num_of_pass number of passwords. Default is 6.
- -m min_pass_len
- generate password with minimum length min_pass_len. If min_pass_len > max_pass_len then max_pass_len = min_pass_len. Defaultminimum password length is 8.
- -x max_pass_len
- generate password with maximum length max_pass_len. If min_pass_len > max_pass_len then max_pass_len = min_pass_len. Defaultmaximum password length is 10.
- -M mode
- Use symbolsets specified with mode for password generation. mode is a text string consisting of characters S, s, N,n, C, c, L, l. Where:
- S
- generator must use special symbol set for every generated password.
- s
- generator should use special symbol set for password generation.
- N
- generator must use numeral symbol set for every generated password.
- n
- generator should use numeral symbol set for password generation.
- C
- generator must use capital symbol set for every generated password.
- c
- generator should use capital symbol set for password generation.
- L
- generator must use small letters symbol set for every generated password (always present if pronounceable password generation algorithm is used).
- l
- generator should use small letters symbol set for password generation.
- R,r
- not supported any more. Use -E char_string option instead.
mode can not be more than 4 characters in length.
Note:
Usage of L, M, N, C will slow down password generation process.
Examples:
-M sncl or -M SNCL or -M Cn
- -k
- check every generated password using cracklib. To use this ability you must enable cracklib support during programm building.
- -r dictfile
- check generated passwords for their appearance in dictfile
- -b filter_file
- check generated passwords for their appearance in filter_file. filter_file should be created with apgbfm(1) utility.
- -p min_substr_len
- this option tells apg(1) to check every substring of the generated password for appearance in filter_file. If any of such substringswould be found in the filter_file then generated password would be rejected and apg(1) will generate another one. min_substr_len specifiesminimum substring length to check. This option is active only if -b option is defined.
Pseudo random number generator options
- -d
- do NOT use any delimiters between generated passwords. I use it when i have to generate passwords in a shell script.
- -y
- print generated passwords and crypted passwords (see man crypt(3))
- -q
- quiet mode (do not print warnings)
- -l
- spell genetated passwords. Useful when you want to read generated password by telephone.
WARNING: Think twice before read your password by phone.
- -t
- print pronunciation for generated pronounceable password
- -h
- print help information and exit
- -v
- print version information and exit
Default Options
apg -a 0 -M sncl -n 6 -x 10 -m 8 (new style)If you want to generate really secure passwords, you should use option -s. To simplify apg usage, you can write a small shell script. Forexample:
[begin]----> pwgen.sh
#!/bin/sh
/usr/local/bin/apg -m 8 -x 12 -s
[ end ]----> pwgen.sh
Exit Code
On successful completion of its task, apg will complete with exit code 0. An exit code of-1 indicates an error occurred. Textual errors are written to the standard error stream.Diagnostics
If /dev/random is not available, apg will display a message about it.Files
None.Pronounceable Password Generator Linux
Bugs
None. If you've found one, please send bug description to the author.See Also
apgd(8), apgbfm(1)Author
Adel I. Mirzazhanov,Project home page: http://www.adel.nursat.kz/apg/
If it was up to me I would never leave the command line. I use still use lynx (a command line browser), dict (a command line dictionary), and bc (a command line calculator) although with decreasing regularity. So why not use the command line to generate random passwords?
In this Linux quick tip, we will show you 5 bash commands (plus one utility) to quickly generate a random password.
Most of these example use the urandom file in dev. Here is an excerpt from the man page:
The character special files /dev/random and /dev/urandom (present since Linux 1.3.30) provide an interface to the kernel's random number generator.
.The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.
Checking Available Entropy
You can check the available entropy on most Linux systems by reading the /proc/sys/kernel/random/entropy_available file. This will be a number in the range of 0-4096.
Using the cat Command
Here we are reading the urandom file with cat and piping it to tr. The tr command is then stripping out all printable characters, not including spaces. Then the head command is telling the command to print the first 18 characters and then stop.
If you wanted a shorter, or longer password you can change the number in the head command. If you wanted a password without special characters, you can change the tr command to:
Sketch 3 0 – vector drawing application. [:alpha:] - All letters
[:alnum:] - All letters and digits
Using the tr Command & Redirection
Often times people use cat gratuitously. Here is an example that does the same thing as the first example using redirection to input the file instead of cat.
Here instead of using cat, we are redirecting urandom directly into tr.
Neither of these command adds a new line to the end which will result in output like this (I have been cleaning it up for readability):
Password Generators
If that bothers you as much as it does me, just pipe to xargs -0 at the end:
Using the dd Command
The dd command is one of those utilities that seems to have no end to it's usefulness. Here we use urandom as the input file for dd, then pipe to tr as we did above. Winrar 2013 free download.
This one gives us a nice clean output with a new line.
Using the openssl Command
I am not a fan of this one, but maybe you are. Because of the base64 encoding, there are some lengths you cannot select. For example, I can't do 18 (which I like).
In Linux there is always a way. To get our 18 character length we can change to 32 (or 16) and cut the first 18 characters.
Using the strings Command
The strings command is not one of those commands that is used very often. Here we use it to pull printable characters for urandom, then use tr to strip the new lines, and head to print the first 18.
This command also doesn't print a new line, use the xargs trick above if needed.
The pwgen Utility
Installation
The pwgen utility is a small command line program that generates passwords. It has minimal options, but sometimes less is more.
To install pwgen on rpm based systems (Red Hat, CentOS, Fedora):
or
Random Password Generator Linux
To install on deb based systems (Debian, Ubuntu):
Basic Usage
Just typing pwgen will print a block of password in columns across your screen.
To stick with my theme, let's generate a password that is 18 characters long, includes at least one capital letter, one lowercase letter, one number and one special symbol. We will also tell it to only print a single password.
B - Don't include ambiguous characters in the password
c - Include at least one capital letter in the password
n - Include at least one number in the password
y - Include at least one special symbol in the password
18 - Length in characters
-1 - Only print one
Check out the pwgen man page for more information.
Conclusion
Xkcd Password Generator Linux
In this tutorial we covered 5+ ways to generate a random password from the command line. I have sed said it before, there is always more than one way to get something done in Linux. If you can think of more ways to generate a random password on the command line let us have it in the comments.