Diceware is another option.
It's a python based random password generator that can use the system as a source of randomness to generate passwords - or it can use REAL dice-rolls to generate passwords. So if you're a D&D nerd - you can use your favourite 20 sided dice to generate passwords.
I'm not on my Linux laptop ATM. I can't remember if diceware is available in the default repos or not.
It definitely used to be in the repos for Debian. And may, or may not be in the repos for other distros.
But as it is a python package, it should be available universally, on anything that can run Python - via
pip
.
So for most distros:
Then you can generate a password using
diceware
:
And using diceware with it's default settings (without passing any additional parameters) it will generate a password containing 6 random words, with the first letter of each word being capitalised and without using any special characters. Using the system as the source of randomness.
So, using diceware without parameters, you'll end up with something like this:
Code:
MimesReeksListenWhiteFlewPuff
Which according to a popular password checking site:
Code:
Your password can be hacked in at the most
6.578582525997411e+32 years
Which is an astronomically long time!
The advantage of using Diceware is that you can create secure, long passwords that are more easily memorable.
You can view all of the options for diceware using:
If you want to use your 20 sided dice as a source of randomness, to generate a 12 word long password, with capitalisation and 4 special characters:
Bash:
diceware -n 12 -c -s 4 -r realdice --dice-sides 20
Then the script will ask you to roll your dice a number of times and enter the number shown on the dice. And eventually you'll get your password.
It usually asks for 3 dice rolls per word, so for a 12 word password - that will take 36 dice rolls!
So after many rolls of your 20 sided dice, you'll get something like this:
Code:
St%rClove$HecticIced24thDecay66thRin^DesertBunyanEmbarkDefer
Which the password checking site estimates the complexity as:
Code:
Your password can be hacked in at the most
2.765072848548581e+101 years
Which is still an astronomically long time!
But using real dice as a source of randomness, albeit a very real source of randomness - it has a LOT less entropy than using your system as the source of randomness AND will use a smaller portion of the wordlist.
So it's better to use the system as the source of randomness.
The default settings of diceware are enough to generate passwords that are sufficiently secure and also memorable.
Personally, I use diceware to generate passwords that are 8 to 12 words long, just to be sure.
So for a single, secure, random 8 word password:
One thing I like to do is generate several random passwords using GNU parallel to use multiprocessing to run the password generation operations in parallel threads - which will speed up the generation of multiple passwords:
Bash:
seq 5 | parallel -N0 diceware -n8
The above runs
diceware
5 times, using GNU parallel. Which will quickly yield 5 random, 8 word passwords:
Code:
RainsFursKermitCoinsEducateWrenCleverWashy
GushSlumpTapeHarrisSprangLungNumberPill
LenoreTangPhageSleekEnmityPeltWallyBecky
WarmthReportMaresStormyAgendaLambYipsWail
CynicFightRampCanonFamilyCloudAntsCraze
Then I'll pick one I like. So perhaps the last one.
Then I might re-arrange some of the words, replace a couple of letters with numbers and add some special characters, yielding something like this:
Code:
Cynic4lCan0nFamilyFight$CrazyCloud-Ants@Ramp
So the password ends up telling a bizarre little story.
"Cynical Canon family fights crazy cloud-ants at (the) ramp"
And thus, it's a little more memorable and still very secure!