Home Learn Linux 10 ways to generate a random password on Linux

10 ways to generate a random password on Linux

by Brandon Jones
ways to generate random password Linux

In any system environment and domain, the security of data and services accommodated by this system deserves the topmost priority. Properly securing an OS or other systems whose security depends on a generated password is essential. This makes the usage of a secure password an important footprint for all users. The passwords you use on your systems help secure your data and user activities from unauthenticated intruders. How you create these passwords needs to be unpredictable.

This unpredictability will grant you the needed authenticity as a system user or system admin. The algorithms for generating such passwords will grant them the needed uniqueness if their creation is machine-oriented. For this reason, we cannot always depend on our unmatched creativity to generate unbreakable password renditions. We need the reputation and expertise of something too good at this password-generation game. There is no better candidate for this position than the hall of Famer, Linux Operating System.

Password generation logic

You will always find yourself using a password combination with a username to access a local computer or website on the internet. The password phrases you use need to be strong, unique, and complex enough for you to be confident about your authentication through the web or hosted services and applications you are using.

When registering on most platforms that need password authentication, these platforms will often give you a password setup guide to follow. You might be advised to meet the minimum requirement of 14 characters for a secure password length. These character variations will also need to contain Alphabets with Lower Case and Upper Case considerations, numbers, and even keyboard symbols. It is an approach that serves many users. But what if you are not patient enough or have the creative mindset of unraveling a unique and strong password each time you need one?

On a Linux platform, you can achieve this password objective in seconds without even stretching your brain muscles. Most, if not all, of these password-generation techniques we will assess in this article require that you have a strong basis or familiarity with the Linux command-line interface. The various password generating methodologies and utilities comfortably adapt to the Linux command-line environment.

Generating a random password on Linux

It is up to you to select the password-generating technique that you find easily adaptable to use.

Method 1: Linux password generation with OpenSSL

This approach requires that you first launch your terminal or command-line interface. Next, we will borrow the effectiveness of the OpenSSL Rand Function to create a strong password combination. This function example outputs 14 random string characters as the generated user password. Implement this password-generation approach by executing the following command string on your Linux terminal.

$ openssl rand -base64 14

The output on my end was able to generate this unhackable 14 character password.

1ehAW3ZpL0H1Ny+jniQ=

Method 2: Linux password generation with Urandon

The second command on this list for generating unhackable passwords on your Linux system is through urandom. This command work is that a password is generated through /dev/urandon and then outputted through a tr argument. It is a filtering mechanism for ignoring unwanted generated characters.

In this case, let’s say we still want a password that is 14 characters long, the filtering mechanism implemented in this method will only print the first password-generated 14 characters and ignore the rest. If you need more than 14 characters for your password, you can specify the desired password length by editing thec14 argument that appears on the following command string.

$ sudo < /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo

The output on my end produced the following unique password string.

fJby4dNhuiUDnu

You might have noticed that running this command requires a user to have Sudo privileges. It is because we are accessing some Linux system file environments to generate the password string we need. It is only a Sudoer user that has access rights to such files.

Method 3: Linux password generation with pwgen

This approach requires a tool by the name pwgen. Unlike the first two inbuilt approaches for generating Linux passwords, pwgen is not prepackaged on your Linux system, and you will need to install it first. The following pwgen installation command applies to Debian-based, Arch-based, and RPM-based Linux operating systems respectively.

$ sudo apt install pwgen
$ sudo pacman -S pwgen
$ sudo yum install pwgen

The installation duration should take less than a minute to complete. Afterward, you will use the pwgen command to specify the password string length you wish to generate. For example, I chose to generate a 15 character password from this command.

$ pwgen 15 1

The following is the unique password outputted from the terminal.

rae4Quaw6ierieb

Method 4: Linux password generation with gpg

This is another inbuilt approach to generate a strong and unique user system password. You have the freedom to specify the password length you wish generated. We will stick with the 14 characters password length as generated by the other methods we reviewed. You can edit the 14 integer argument-part of its command if you need your password to be longer. Copy the following command string on your Linux terminal.

$ gpg --gen-random --armor 1 14

From my end, I was able to achieve the following outcome.

cB5jR27PZr/YZZJfr9A=

The inclusion of symbols other than letters and numbers in the generated password makes this approach uniquely performant in a practical environment like a cloud server or financial websites and platforms.

Method 5: Linux password generation with SHA

Every Linux Enthusiast is familiar with the term SHA. It is an abbreviation for Secure Hash Algorithm, which categorizes it as a cryptographic Hash function. You will find yourself using this tool mostly to secure files or data integrity through hashes. It helps compare the status of a file or data before and after its download.

These two hashes instances need to match for the integrity status of the download file and data to be conclusive. These generated hashes are so unique that we can hash anything, even the Linux date function, and use the generated hash as a unique user or system password. Consider the following example implementation of the hash function:

$ date +%s | sha256sum | base64 | head -c 30 ; echo

I tested this hash function to produce a 30 character long password and the results never disappointed.

ZDc1NDE2YjNhMzE0NmI4NmIyNmEwOW

Method 6: Linux password generation with the MD5 algorithm

MD5 is another hash function that is effective in generating a 128-bit value. It is recognized as a message-digest algorithm because of its usefulness as a cryptographic hash function. You can use it to hash any system function, and the generated output will be your unique phrase to use as a password. It is easy to implement via the Linux command-line interface. Since we already hashed the date function in the previous password-generation approach, let us try to hash the calendar function and see what is generated as an output. Or we can do both.

$ date | md5sum

Output:

75111fa81779934d48150aca85a20bd5

The following command uses md5 with the Linux calendar function.

$ cal | md5sum

Output:

e2772fc86ded596812b3acf507ab204d

As you can see, we could generate unique phrases to be used as passwords from Linux’s date and calendar functions. Just think of a system tool that the Linux terminal can accommodate and link it with the MD5 algorithm to generate string characters that qualify as supreme password phrases. You can even use sudo with this md5 algorithm and generate a unique phrase to be used as a system and user password.

$ sudo | md5sum

Output:

d41d8cd98f00b204e9800998ecf8427e

Method 7: Linux password generation with apg

APG is another effective tool for automating the generation of unique password phrases on a Linux environment. This tool is prepackaged with the OS or installed during the OS installation on an Ubuntu Linux system. Using this utility is easy, and its approach is different from the other password-generation mechanisms we have handled so far. It takes a random input and generates a variance of password phrase options. From these options, you will select a phrase that best works for you as a password. Generating these random password phrase options is as easy as running the command string apg -a 1. The varying output options will have a length of 8-10 unique random characters. Time to be more practical with this apg password-generation approach.

$ apg -a 1

Output:

>7=z'pgQVb
kVA/Vl/?6
WQ?I4eT22T
NhZS=4dc<J
S~cX[9&[
rJ_Oj+X|=f

As you can see, the output has unraveled six unique options. You can choose to go with either of the generated phrases, or you can use them all in your various password requirements. It is a unique approach to generating many passwords at once without the need for running a single command over and over again to get the desired number of password phrases.

Method 8: Linux password generation with makepasswd

You first need to install it to use this utility since it is not inbuilt like most of the approaches we have covered. For the Debian-based, Arch-based, and RPM-based Linux systems, respectively, the makepasswd installation command is straightforward.

$ sudo apt install makepasswd
$ sudo pacman -S makepasswd
$ sudo yum install makepasswd

As you have noticed, you will also need to be a Sudoer user to be granted the execution permissions of installing this package. Using makepasswd is simple and even more flexible than the apg approach. Its command string accommodates the use of an integer argument to specify the number of password phrase outcomes you wish to generate. As the apg approach generates six password instances at a single command execution, makepasswd can generate more password phrase options and also specify the character length of these password phrases. How about a demonstration.

$ makepasswd -count 10 -minchars 10

Output:

qSc75pVzUN

NNrggFKgCf

uqa6WYyabi

wnEuFQd81y

wLcJfEz5Cq

THR8jUB5VT

0jaSe88Jaz

5J064vidyA

UPsnHbB12g

B9rtrLmqrN

As you can see, the command-line output did exactly what we expected. So far, in terms of flexibility and precision, we can crown the makepasswd approach as the ultimate favorite among the password generation tools. However, we should not be too excited about making this conclusion as there are two more candidates left for us to review.

Method 9: Linux password generation with Perl

This high-level programming language can create scripts that will generate useful and unique password phrases. Most Linux distributions accommodate Perl in their default repositories. You can check the installation of Perl on your Linux system by running the following command:

$ perl -v

The command reveals the Perl version installed on your Linux environment. If Perl does not exist or you get an error message from running the above command, then it means that you need to make a fresh Perl installation on your Linux system. The following installation commands cater to Debian-based, Arch-based, and RPM-based Linux systems.

$ sudo apt install perl
$ sudo pacman -S perl
$ sudo yum install perl

Perl files usually have a .pl extension. After you manage to confirm its existence or installation on your Linux operating system, we need to create a Perl file or script for generating our password phrases. Create a file with a name like my_passwords_generator.pl and open it from a source code editor.

~/Desktop$ touch my_passwords_generator.pl

Alternatively, open this Perl file from the terminal.

$ nano my_passwords_generator.pl

Populate the Perl file with the following scripted code.

#!/usr/bin/perl

my @alphanumeric = ('a'..'z', 'A'..'Z', 0..9);

my $random_password = join '', map $alphanumeric[rand @alphanumeric], 0..8;

print "$random_password\n"

Executing this Perl script should produce a unique passphrase output.

$ perl my_passwords_generator.pl

Output:

LZJZcxr8A

Since the Perl script’s execution is from the terminal, make sure you are in the same directory as the Perl file before you run the execution command. In my case, I saved the Perl file on the Desktop folder of my Linux OS and then opened the command-line or terminal from there, making it easy to access and execute the file. The approach is ideal enough to specify the password length you wish outputted via a command argument.

Method 10: Linux password generation with xkcdpass

The last candidate on the list of this article’s random password generators is xkcdpass. This utility is flexible and scriptable in generating unique password phrases. The installation of many Linux distributions prepackages it as a system utility. If your Linux system does not have xkcdpass, you can install it using the following commands.

These installation commands work for Debian-based, Arch-based, and RPM-based Linux distributions.

$ sudo apt install xkcdpass or $ sudo snap install xkcdpass
$ sudo pacman -S xkcdpass
$ sudo yum install xkcdpass

Using this utility is as simple as running the following command:

$ xkcdpass

Output:

cabana pursuit available dimmed sandlot sporting

As you can see, this methodology generates unique passphrases that can be applied as passwords in scenarios that don’t demand high-level security. It is not an ideal option for financial platforms/services or cloud computing platforms. You could consider using these passphrases on platforms like social media accounts or blog sites where many network attackers or hackers do not target their security infrastructure.

The above command produced six passphrase options by default. If you need more passphrases generated, implement the -n option with an integer argument as part of the xkcdpass command. For example, we could generate 11 passphrases from the following command.

$ xkcdpass -n 11

Output:

confusion kennel humming unnatural plenty defraud vineyard stunning shindig voucher survive

There is more to xkcdpass. You can learn how to implement more complex passphrases from xkcdpass by running the following command.

$ man xkcdpass

Final Note

Password generation through a Linux operating system does not just limit its usage to operating system environments alone. You might be questing for a unique way to secure your email account, social media account, blog site, e-commerce site, or even your cloud servers.

You might be asking yourself how I will use more than one password when their generated patterns are too complex to memorize? The solution is simple, consider using the numerous Linux-supported password wallets or password managers to safekeeping your generated passwords. You now have two solutions to your password problem; how to create them and safely lock them away until their usage is mandatory.

You may also like

1 comment

Drul May 13, 2022 - 8:11 AM

There’s a few clever gems here, wrapped in lots of terrible advice.
* Nothing is “unhackable”, to suggest otherwise is dangerous. However, complexity (including length, variety of characters used, and randomness) will drastically slow attempts to guess it so as to be _practically_ impossible.
* Method 2 does not require sudo to run (only ‘tr’ is run as root, and doesn’t need it).
* Method 5; using date +%s is a terrible idea, if someone knows what day you created the password, there’s only 86400 possible passwords, which won’t take too long to test. Hash some random data from /dev/urandom instead.
* Method 6; the ‘sudo’ example is both bizarre and broken, sudo by itself output usage information to stderr and passes nothing to md5sum, resulting in the same md5sum every time (the hash of an empty string).
* Method 10; you’ve missed the point entirely; you’re supposed to use the whole lot as a single password. Take a look at the xkcd cartoon (google ‘xkcd password strength’) that inspired that tool and you’ll understand.
Honestly, just use Method 1; for best results, specify a number that’s a multiple of 3 and is three-quarters of the password length you require (you can thank base64 encoding for that twist).

Reply

Leave a Reply to Drul Cancel Reply

fl_logo_v3_footer

ENHANCE YOUR LINUX EXPERIENCE.



FOSS Linux is a leading resource for Linux enthusiasts and professionals alike. With a focus on providing the best Linux tutorials, open-source apps, news, and reviews written by team of expert authors. FOSS Linux is the go-to source for all things Linux.

Whether you’re a beginner or an experienced user, FOSS Linux has something for everyone.

Follow Us

Subscribe

©2016-2023 FOSS LINUX

A PART OF VIBRANT LEAF MEDIA COMPANY.

ALL RIGHTS RESERVED.

“Linux” is the registered trademark by Linus Torvalds in the U.S. and other countries.