How to Generate Random Passwords On Linux Shell

Passwords are not just an important part of Linux security; they are also the most popular way to protect our digital lives.

A strong password should be at least 8 characters long and contain a mix of uppercase and lowercase letters, numbers, and special characters.

Creating a password that cannot be guessed is trickier than it sounds. It can be difficult to come up with a strong password that is also easy to remember, which is why it is often helpful to generate a random password.

In this article, we will show you how to generate a random password in Linux using the command line.

Generating a Random Password with ‘urandom’

This method generates a random password by reading from the /dev/urandom device. The /dev/urandom device uses an entropy pool to generate random numbers.

The entropy pool is constantly replenished with new entropy from various sources like keyboard timing jitter, mouse movement, and other system events.

The /dev/urandom device never blocks and can be used for generating long-term keys as well as one-time passwords.

The -c flag of the head command specifies the number of bytes to read from the /dev/urandom device. For example, to generate a 16-byte random password, we can use the following command:

$ head -c 16 /dev/urandom | base64

This command reads 16 bytes from the /dev/urandom device and encodes them with base64, which yields a 24-character string.

[Screenshot: Generating password using urandom command]

Generating a Random Password with ‘pwgen’

pwgen is a command line program that generates random passwords. It can be used to generate passwords for use in scripts or for generating secure passwords for accounts. The pwgen command has a number of options that can be used to control the password generation process.

The pwgen command is not installed by default. We get started by installing it with:

sudo apt install pwgen

[Screenshot: Installing pwgen]

Various arguments of pwgen

  • The -s flag tells pwgen to use a secure random number generator to generate the passwords.
  • The -c flag tells pwgen to use capital letters in the generated password.
  • The -n flag tells pwgen to use numbers in the generated password.
  • Finally, the -y flag tells pwgen to include special characters in the generated password.

Here is an example of how to generate 10-character long passwords that include capital letters, numbers, and special characters:

pwgen -s 10 -c -n -y

[Screenshot: Passwords generated by pwgen]

Generating a Random Password with ‘makepasswd’

The makepasswd command can be used to generate a random password in a Linux shell. However, this command does not come pre-installed with the Linux terminal. We can install it using the following command:

sudo apt install makepasswd

[Screenshot: Installing makepasswd command]

The makepasswd command has several arguments that can be used to generate passwords. Confirm the options supported by your installed version with makepasswd --help.

  • --chars=NUM – Specifies the number of characters in the generated password. The default is 8.
  • --count=NUM – Specifies the number of passwords to generate. The default is 1.
  • --crypt – Causes the generated passwords to be encrypted using the standard Unix crypt() function.
  • --md5 – Causes the generated passwords to be encrypted using the MD5 algorithm.
  • --rand-bytes=NUM – Specifies the number of random bytes to use when generating passwords. The default is 8.
  • --seed=SEED – Sets the seed for the random number generator. This can be used to generate the same password multiple times.
  • --sha1 – Causes the generated passwords to be encrypted using the SHA1 algorithm.
  • -s – Used to enable strict character set restrictions

For example, the following command will generate a random password of 20 characters:

makepasswd --chars=20

[Screenshot: Generating 20 character long password using the makepasswd command]

To generate a list of 20 random passwords, each 12 characters long, you would use the following command:

makepasswd --chars=12 --count=20

[Screenshot: Generating 20 different passwords 12 characters long each using the makepasswd command]

Generating a Random Password with ‘openssl’

The ‘openssl’ command is a tool for managing cryptographic keys and certificates. It can be used to generate random passwords.

The ‘rand’ subcommand outputs random bytes, and the ‘-base64’ flag encodes them in base64.

For example, to generate a random password from 16 random bytes (24 characters once base64-encoded), you can use the following command:

openssl rand -base64 16

[Screenshot: Generating a random password from 16 random bytes using OpenSSL]

Generating a Random Password with ‘tr’ and ‘/dev/urandom’

The ‘tr’ command is used for translating or deleting characters. The ‘/dev/urandom’ is a source of random data.

To generate a random password, we can use the following command:

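LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16

This deletes every byte read from ‘/dev/urandom’ except A-Z, a-z, and 0-9. Setting LC_ALL=C makes ‘tr’ treat the input as raw bytes regardless of the locale, and quoting the set stops the shell from expanding it. The ‘head’ command then takes the first 16 characters of the output.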

An example output might be: “XK4c7BMZN4G6zgW7”

[Screenshot: Generating a 16-letter random password using ‘tr’ and ‘urandom’ command]
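
A reusable form of the tr and /dev/urandom pipeline, as an added example that is not part of the original article: it validates the length and redraws until the password contains all four character classes recommended at the top of the page. The function names (gen_password, has_all_classes, gen_policy_password, entropy_bits) are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# gen_password LENGTH [CHARSET]: print LENGTH characters from CHARSET (a tr set).
# tr -dc discards every byte outside the set, so each kept character is equally
# likely; there is no modulo bias.
gen_password() {
    local length="$1" charset="${2:-A-Za-z0-9}"
    case $length in
        ''|*[!0-9]*|0) echo "length must be a positive integer" >&2; return 1 ;;
    esac
    # LC_ALL=C makes tr work on raw bytes regardless of the user's locale.
    LC_ALL=C tr -dc "$charset" < /dev/urandom | head -c "$length"
    echo
}

# has_all_classes PASSWORD: succeed only if PASSWORD contains a lowercase
# letter, an uppercase letter, a digit and a symbol.
has_all_classes() {
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# gen_policy_password LENGTH: redraw whole passwords until all four classes
# appear (rejection sampling), so compliant passwords stay equally likely.
gen_policy_password() {
    local pw
    [ "$1" -ge 4 ] 2>/dev/null || { echo "length must be >= 4" >&2; return 1; }
    while :; do
        pw=$(gen_password "$1" '[:graph:]') || return 1
        if has_all_classes "$pw"; then break; fi
    done
    printf '%s\n' "$pw"
}

# entropy_bits LENGTH CHARSET_SIZE: LENGTH * log2(CHARSET_SIZE), rounded down.
# For gen_policy_password this is an upper bound, since some draws are rejected.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%d\n", n * log(k) / log(2) }'
}

gen_password 16            # 62-symbol alphabet, as in the tr one-liner
gen_policy_password 16     # 94 printable ASCII characters, all classes present
echo "16 alphanumeric characters: ~$(entropy_bits 16 62) bits"
echo "16 printable characters:    ~$(entropy_bits 16 94) bits"
```

Redrawing the whole password, rather than patching in a missing digit or symbol at a fixed position, avoids giving the output a predictable structure.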

Generating a Random Password with the dd Command

The dd command is a powerful tool for copying and converting data. It can be used to copy entire disks or partitions, convert between different disk formats, and more.

There are many options available for the dd command, but some of the most commonly used ones are listed below:

  • if=filename: Specifies the input file. This is usually a device file such as /dev/sda.
  • of=filename: Specifies the output file. This is usually a device file such as /dev/sdb.
  • bs=n: Sets the block size to n bytes. The default value is 512 bytes.
  • count=n: Copies only n blocks from the input before stopping.
  • seek=n: Seeks to position n in the output before starting to write any data.
  • conv={notrunc|noerror|sync}[+]… : Specifies how to handle errors and end-of-file conditions. The most common options are “notrunc” (do not truncate the output file if it is longer than the input), “noerror” (continue copying even if there are read or write errors), and “sync” (pad blocks with zeroes so that reads return a multiple of the block size).

The dd command can also be used for generating random passwords.

To generate a random password with the dd command, read from /dev/urandom using the if, bs, and count operands described above:

$ dd if=/dev/urandom count=200 bs=1 2>/dev/null | tr -cd "[:graph:]" | cut -c-18

The above command uses the dd command to generate random data. The if option specifies the input file, which in this case is /dev/urandom.

The count option specifies the number of blocks to be read, and the bs option specifies the block size.

The data is then piped through the tr command, which only outputs characters that are considered “graphical” according to the POSIX standard. Finally, the cut command is used to only output the first 18 characters.

Generating a Random Password with the mkpasswd Command

The mkpasswd command can be used to generate a random password. However, the length cannot be controlled using this command. That can be changed using other commands.

The mkpasswd command is part of the whois package. In order to use the mkpasswd command, you will have to install the whois package first.

[Screenshot: Installing whois]

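mkpasswd requires a salt or seed word, which it uses to generate the password.

In the command below, the <seed word> part is where we enter our custom seed word. The output is a crypt(3) hash of that word, salted with a random value; the -5 option selects the MD5-based hashing method.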

The command to generate a password is

mkpasswd -5 <seed word>

[Screenshot: Generate password using mkpasswd -5]

Generating a Random Password with the ‘gpg’ Command

‘gpg’ or GNU Privacy Guard is another tool for generating random passwords on Linux. It provides a strong password consisting of uppercase and lowercase characters, numbers, and symbols. To install ‘gpg’ on Ubuntu, use:

$ sudo apt install gpg

Here is the list of some ‘gpg’ command line arguments and their meaning:

  • -c: This encrypts the password using a symmetric cipher so that it can be decrypted later.
  • -d: Use this option to decrypt an encrypted file.
  • --gen-key: Use this to generate new public and private keys.
  • --list-keys: Use this to list all the available keys.

The gpg command can be used to generate a random password with the --gen-random flag. This flag takes two integer arguments: a quality level (0, 1, or 2) and the number of random bytes to output.

For example, 96 bits of entropy is 12 bytes, which is a 16-character password once base64-encoded, so you would run:

gpg --gen-random 2 12

[Screenshot: 16 random character password using gpg command uncoded]

Now we will use the --armor argument to convert the unreadable raw output to ASCII (base64) format.

[Screenshot: Generating base64 password using gpg command]

Generating a Random Password with ‘apg’

‘apg’, or Automatic Password Generator is yet another utility for generating random passwords on Linux. It provides a strong password consisting of uppercase and lowercase characters, numbers, and symbols. To install ‘apg’ on Ubuntu use:

$ sudo apt-get install apg 

To generate two pronounceable passwords each of eight characters in length use the command:

$ apg -a 0 -m 8 -n 2

[Screenshot: Generate 2 pronounceable passwords using apg]

To generate two random-character passwords instead, switch to algorithm 1:

$ apg -a 1 -m 8 -n 2

[Screenshot: Generate 2 random passwords using apg]

Commonly used apg options:

  • -a ALGORITHM – Selects the generation algorithm. As in the commands above, 0 generates pronounceable passwords and 1 generates random character passwords.
  • -m NUMBER – Specifies the minimum length for your generated passwords. The default value is 8 characters, but you may want to increase this if security is a concern. Stronger passwords tend to be longer, so using a higher number here will result in stronger passwords overall. Just be sure not to leave out any important details like punctuation or numbers!
  • -x NUMBER – Specifies the maximum length for your generated passwords. The default value is 8 characters, but you can increase this if desired. Keep in mind that longer passwords will be more difficult to remember, so only use a setting that you’re comfortable with.
  • -n NUMBER – Lets you generate multiple passwords at once. By default, apg will only generate one password per invocation. If security is a concern and you want to have multiple strong backups, consider using this option to create several different passwords instead of just one.

Summary

There are many ways to generate a random password in Linux using the command line. Each method has its own advantages and disadvantages. The most important thing to remember when generating a password is to use a strong password that is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and special characters.