How to use pwgen to generate password in Linux

Time:2021-1-22

Pwgen generated password is easy to remember and quite secure. Technically, easy to remember passwords are no more secure than randomly generated ones. However, in most cases, pwgen generated passwords are secure enough, except for online banking passwords which need high security level. The advantage of using easy to remember passwords is that you won’t write them down or save them somewhere on your computer, which is not safe.

Install pwgen and input it in the terminal window (applicable to Debian series Linux system)

Copy code

The code is as follows:

sudo apt-get install pwgen

Running pwgen without any parameters will output a full screen password. You can choose one of them as your password and clear the screen. Using this method to generate passwords, even if someone is behind you, he doesn’t know which one you choose.

Run pwgen and input the following in the terminal:

Copy code

The code is as follows:

pwgen

2015119101212068.jpg (550×312)

After selecting the password, enter clear in the terminal to “clear” the content of the terminal window.

If you are sure there is no one behind you, you can use the “- 1” parameter to make pwgen generate only one password.

Copy code

The code is as follows:

pwgen -1

2015119101234248.jpg (550×30)

If you want to generate a completely random password, use the “- s” parameter.

Copy code

The code is as follows:

pwgen -1 -s

2015119101302665.jpg (550×32)

If you want to improve the security level of the password, you can use special characters (such as exclamation point, comma, etc.) in the password. The “- Y” parameter allows the generated password to contain at least one special character.

Copy code

The code is as follows:

pwgen -1 -s -y

2015119101322830.jpg (550×31)

More interesting parameters of pwgen command:
-0: the password does not contain numbers.
-B. — ambiguous: the password does not contain confusing characters, such as “1” and “L”, “0” and “O”.
-v. — no vowels: passwords do not include vowels or numbers that may be mistaken for vowels.

Here are some specific examples:
1. Use the command pwgen to generate a unique random password with a length of 10 characters.

Copy code

The code is as follows:

$ pwgen 10 1

2015119101341479.gif (740×440)

Generate a unique random password

Generate several groups of unique random passwords with length of 50 characters at one time!

Copy code

The code is as follows:

$ pwgen 50

2015119101401161.gif (740×440)

Generating multiple groups of random passwords

2. You can also use makepasswd to generate a unique random password of a given length at a time. Before you play with the makepasswd command, make sure you have it installed. If it is not installed, try using apt or Yum package manager to install makepasswd.

Generate a random password of 10 characters in length. The length of the password generated by this command is 10 by default.

Copy code

The code is as follows:

$ makepasswd

2015119101422120.gif (740×440)

Using makepasswd to generate a unique password

Generate a random password of 50 characters in length.

Copy code

The code is as follows:

$ makepasswd –char 50

2015119101439208.gif (740×440)

Generate password of length 50

Generate 7 random passwords of 20 characters in length.

Copy code

The code is as follows:

$ makepasswd –char 20 –count 7

2015119101456138.gif (740×440)

3. Use crypt with “salt” to encrypt a password. Manual or automatic salt addition is available.

For those who don’t know the meaning of salt, “salt” here refers to a random data, which is used as an additional input to the password generating function to protect the password from dictionary attack.

Make sure you have mkpasswd installed before you do the following.

The following command will encrypt a password with “salt”. The value of “salt” is automatically generated at random. So every time you run the following command, it will produce a different output, because it takes a random value of “salt” each time.

Copy code

The code is as follows:

$ mkpasswd tecmint

2015119101513488.gif (740×440)
Use crypt to encrypt the password

Now let’s define the value of “salt” manually. Each time it will produce the same result. Please note that you can enter any value you want as the value of “salt”.

Copy code

The code is as follows:

$ mkpasswd tecmint -s tt

2015119101857813.gif (740×440)

Encrypted password with “salt”

In addition, mkpasswd is interactive. If you don’t provide a password in the command, it will ask you to enter the password.

4. Use aes-256-cbc encryption algorithm and a password with “salt” (such as “tecmint”) to encrypt a string (such as “tecmint-is-a-linux-community”).

Copy code

The code is as follows:

# echo Tecmint-is-a-Linux-Community | openssl enc -aes-256-cbc -a -salt -pass pass:tecmint

2015119102005519.gif (740×440)

Encrypting a string in Linux

In the above example, the output of echo command is passed to OpenSSL command through pipeline, so that the output is encrypted by enc (encoding with cipher). In this process, aes-256-cbc encryption algorithm is used, with password (tecmint) and “salt” attached.

5. Use the – aes-256-cbc decryption option of OpenSSL command to decrypt the above string.

Copy code

The code is as follows:

# echo U2FsdGVkX18Zgoc+dfAdpIK58JbcEYFdJBPMINU91DKPeVVrU2k9oXWsgpvpdO/Z | openssl enc -aes-256-cbc -a -d -salt -pass pass:tecmint

2015119102024100.gif (740×440)

Decrypting strings in Linux

Now that’s it.