Today's article has a couple more ways to generate passwords in the terminal...

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
12,314
Reaction score
11,123
Credits
101,396
I did one on pwgen and folks liked it, so here's a couple more ways. In Linux, there's usually multiple ways to accomplish a task. That's a good thing.


Feedback is awesome.
 


Diceware is another option.
It's a python based random password generator that can use the system as a source of randomness to generate passwords - or it can use REAL dice-rolls to generate passwords. So if you're a D&D nerd - you can use your favourite 20 sided dice to generate passwords.

I'm not on my Linux laptop ATM. I can't remember if diceware is available in the default repos or not.
It definitely used to be in the repos for Debian. And may, or may not be in the repos for other distros.

But as it is a python package, it should be available universally, on anything that can run Python - via pip.
So for most distros:
Bash:
pip install diceware

Then you can generate a password using diceware:
Bash:
diceware

And using diceware with it's default settings (without passing any additional parameters) it will generate a password containing 6 random words, with the first letter of each word being capitalised and without using any special characters. Using the system as the source of randomness.

So, using diceware without parameters, you'll end up with something like this:
Code:
MimesReeksListenWhiteFlewPuff

Which according to a popular password checking site:
Code:
Your password can be hacked in at the most
6.578582525997411e+32 years
Which is an astronomically long time!

The advantage of using Diceware is that you can create secure, long passwords that are more easily memorable.

You can view all of the options for diceware using:
Bash:
diceware --help

If you want to use your 20 sided dice as a source of randomness, to generate a 12 word long password, with capitalisation and 4 special characters:
Bash:
diceware -n 12 -c -s 4 -r realdice --dice-sides 20
Then the script will ask you to roll your dice a number of times and enter the number shown on the dice. And eventually you'll get your password.
It usually asks for 3 dice rolls per word, so for a 12 word password - that will take 36 dice rolls!
So after many rolls of your 20 sided dice, you'll get something like this:
Code:
St%rClove$HecticIced24thDecay66thRin^DesertBunyanEmbarkDefer
Which the password checking site estimates the complexity as:
Code:
Your password can be hacked in at the most
2.765072848548581e+101 years
Which is still an astronomically long time!
But using real dice as a source of randomness, albeit a very real source of randomness - it has a LOT less entropy than using your system as the source of randomness AND will use a smaller portion of the wordlist.

So it's better to use the system as the source of randomness.
The default settings of diceware are enough to generate passwords that are sufficiently secure and also memorable.

Personally, I use diceware to generate passwords that are 8 to 12 words long, just to be sure.
So for a single, secure, random 8 word password:
Bash:
diceware -n 8

One thing I like to do is generate several random passwords using GNU parallel to use multiprocessing to run the password generation operations in parallel threads - which will speed up the generation of multiple passwords:
Bash:
 seq 5 | parallel -N0 diceware -n8

The above runs diceware 5 times, using GNU parallel. Which will quickly yield 5 random, 8 word passwords:
Code:
RainsFursKermitCoinsEducateWrenCleverWashy
GushSlumpTapeHarrisSprangLungNumberPill
LenoreTangPhageSleekEnmityPeltWallyBecky
WarmthReportMaresStormyAgendaLambYipsWail
CynicFightRampCanonFamilyCloudAntsCraze

Then I'll pick one I like. So perhaps the last one.
Then I might re-arrange some of the words, replace a couple of letters with numbers and add some special characters, yielding something like this:
Code:
Cynic4lCan0nFamilyFight$CrazyCloud-Ants@Ramp
So the password ends up telling a bizarre little story.
"Cynical Canon family fights crazy cloud-ants at (the) ramp"
And thus, it's a little more memorable and still very secure!
 
Last edited:
Diceware is another option.

Nice one! Heck, you could have used that as an article at my site!

I typically just use pwgen.

That's what was used in the first article. I decided to do a couple more ways as another article, just 'cause they were together in a different section of my notes.
 
Not terminal based, but, Keepassx, or any of the Keepass password manager family, have an inbuilt password generator. You can select password length and the type of characters to be included.

kpx.png


Personally, I'm all for creating my own passwords and storing them in Keepassx, however, there are some interesting options in the posts above.
 
Last edited:
I've been using Bitwarden for an odd reason for the past few days. It has a solid password generator built in. (I'm using a different device than I normally use and the reason for doing so should be brief enough for me to be too lazy to make changes to those systems to work with the current situation.)
 
Using Linux cmd, you can generate password with desired password length:

passwordLength=16 && (cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-$passwordLength} | head -n 1)

Where you can enter the desired passwordLength.
 

Staff online


Top