Learn 8 different ways to generate a random password in Linux using Linux native commands or third-party utilities.
In this article, we will walk you through various different ways to generate a random password in Linux terminal. Few of them are using native Linux commands and others are using third-party tools or utilities which can easily be installed on Linux machine. Here we are looking at native commands like,openssl dd, md5sum, tr, urandom and third-party tools like mkpasswd, randpw, pwgen, spw, gpg, xkcdpass, diceware, revelation, keepaasx, passwordmaker.
These are actually ways to get some random alphanumeric string which can be utilized as a password. Random passwords can be used for new users so that there will be uniqueness no matter how large your user base is. Without any further delay, let’s jump into those 15 different ways to generate the random password in Linux.
Generate password using mkpasswd utility
mkpasswd comes with the install of expect package on RHEL based systems. On Debian based systems mkpasswd comes with package whois. Trying to install mkpasswd package will result in error –
No package mkpasswd available. on RHEL system and E: Unable to locate package mkpasswd in Debian based.
So install their parent packages as mentioned above and you are good to go.
Run mkpasswd to get passwords
1 2 3 4 5 6 7 | root@kerneltalks# mkpasswd << on RHEL zt*hGW65c root@kerneltalks# mkpasswd teststring << on Ubuntu XnlrKxYOJ3vik |
Command behaves differently on different systems so work accordingly. There are many switches which can be used to control length etc parameters. You can explore them from man pages.
Generate password using OpenSSL
OpenSSL comes in build with almost all the Linux distributions. We can use its random function to get alphanumeric string generated which can be used as a password.
1 2 3 4 | root@kerneltalks # openssl rand -base64 10 nU9LlHO5nsuUvw== |
Here, we are using base64 encoding with random function and last digit for the argument to base64 encoding.
Generate password using urandom
The device file /dev/urandom is another source of getting random characters. We are using tr function and trimming output to get the random string to use as a password.
1 2 3 4 | root@kerneltalks # strings /dev/urandom |tr -dc A-Za-z0-9 | head -c20; echo UiXtr0NAOSIkqtjK4c0X |
dd command to generate password
We can even use /dev/urandom device along with dd command to get a string of random characters.
1 2 3 4 5 6 7 | root@kerneltalks# dd if=/dev/urandom bs=1 count=15|base64 -w 0 15+0 records in 15+0 records out 15 bytes (15 B) copied, 5.5484e-05 s, 270 kB/s QMsbe2XbrqAc2NmXp8D0 |
We need to pass output through base64 encoding to make it human readable. You can play with count value to get the desired length. For much cleaner output, redirect std2 to /dev/null. The clean command will be –
1 2 3 4 | root@kerneltalks # dd if=/dev/urandom bs=1 count=15 2>/dev/null|base64 -w 0 F8c3a4joS+a3BdPN9C++ |
Using md5sum to generate password
Another way to get an array of random characters which can be used as the password is to calculate MD5 checksum! s you know checksum value indeed looks like random characters grouped together we can use it as the password. Make sure you use the source as something variable so that you get different checksum every time you run command. For example date ! date command always yields changing the output.
1 2 3 4 | root@kerneltalks # date |md5sum 4d8ce5c42073c7e9ca4aeffd3d157102 - |
Here we passed date command output to md5sum and get the checksum hash! You can use cut command to get the desired length of output.
Generate password using pwgen
pwgen package comes with repositories like EPEL. pwgen is more focused on generating passwords which are pronounceable but not a dictionary word or not in plain English. You may not find it in standard distribution repo. Install the package and run pwgen command. Boom!
1 2 3 4 5 6 7 8 | root@kerneltalks # pwgen thu8Iox7 ahDeeQu8 Eexoh0ai oD8oozie ooPaeD9t meeNeiW2 Eip6ieph Ooh1tiet cootad7O Gohci0vo wah9Thoh Ohh3Ziur Ao1thoma ojoo6aeW Oochai4v ialaiLo5 aic2OaDa iexieQu8 Aesoh4Ie Eixou9ph ShiKoh0i uThohth7 taaN3fuu Iege0aeZ cah3zaiW Eephei0m AhTh8guo xah1Shoo uh8Iengo aifeev4E zoo4ohHa fieDei6c aorieP7k ahna9AKe uveeX7Hi Ohji5pho AigheV7u Akee9fae aeWeiW4a tiex8Oht |
You will be presented with the list of passwords at your terminal! What else you want? Ok. You still want to explore, pwgen comes with many custom options which can be referred for man page.
Generate password using gpg tool
GPG is an OpenPGP encryption and signing tool. Mostly gpg tool comes pre-installed (at least it is on my RHEL7). But if not you can look for gpg or gpg2 package and install it.
Use below command to generate password from gpg tool.
1 2 3 4 | root@kerneltalks # gpg --gen-random --armor 1 12 mL8i+PKZ3IuN6a7a |
Here we are passing generate random byte sequence switch (--gen-random) of quality 1 (first argument) with a count of 12 (second argument). Switch --armor ensures output is base64 encoded.
Generate password using xkcdpass
Famous geek humor website xkcd, published a very interesting post about memorable but still complex passwords. You can view it here. So xkcdpass tool took inspiration from this post and did its work! It’s a python package and available on python’s official website here
All installation and usage instructions are mentioned on that page. Here is install steps and outputs from my test RHEL server for your reference.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | root@kerneltalks # wget https://pypi.python.org/packages/b4/d7/3253bd2964390e034cf0bba227db96d94de361454530dc056d8c1c096abc/xkcdpass-1.14.3.tar.gz#md5=5f15d52f1d36207b07391f7a25c7965f --2018-01-23 19:09:17-- https://pypi.python.org/packages/b4/d7/3253bd2964390e034cf0bba227db96d94de361454530dc056d8c1c096abc/xkcdpass-1.14.3.tar.gz Resolving pypi.python.org (pypi.python.org)... 151.101.32.223, 2a04:4e42:8::223 Connecting to pypi.python.org (pypi.python.org)|151.101.32.223|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 871848 (851K) [binary/octet-stream] Saving to: ‘xkcdpass-1.14.3.tar.gz’ 100%[==============================================================================================================================>] 871,848 --.-K/s in 0.01s 2018-01-23 19:09:17 (63.9 MB/s) - ‘xkcdpass-1.14.3.tar.gz’ saved [871848/871848] root@kerneltalks # tar -xvf xkcdpass-1.14.3.tar.gz xkcdpass-1.14.3/ xkcdpass-1.14.3/examples/ xkcdpass-1.14.3/examples/example_import.py xkcdpass-1.14.3/examples/example_json.py xkcdpass-1.14.3/examples/example_postprocess.py xkcdpass-1.14.3/LICENSE.BSD xkcdpass-1.14.3/MANIFEST.in xkcdpass-1.14.3/PKG-INFO xkcdpass-1.14.3/README.rst xkcdpass-1.14.3/setup.cfg xkcdpass-1.14.3/setup.py xkcdpass-1.14.3/tests/ xkcdpass-1.14.3/tests/test_list.txt xkcdpass-1.14.3/tests/test_xkcdpass.py xkcdpass-1.14.3/tests/__init__.py xkcdpass-1.14.3/xkcdpass/ xkcdpass-1.14.3/xkcdpass/static/ xkcdpass-1.14.3/xkcdpass/static/eff-long xkcdpass-1.14.3/xkcdpass/static/eff-short xkcdpass-1.14.3/xkcdpass/static/eff-special xkcdpass-1.14.3/xkcdpass/static/fin-kotus xkcdpass-1.14.3/xkcdpass/static/ita-wiki xkcdpass-1.14.3/xkcdpass/static/legacy xkcdpass-1.14.3/xkcdpass/static/spa-mich xkcdpass-1.14.3/xkcdpass/xkcd_password.py xkcdpass-1.14.3/xkcdpass/__init__.py xkcdpass-1.14.3/xkcdpass.1 xkcdpass-1.14.3/xkcdpass.egg-info/ xkcdpass-1.14.3/xkcdpass.egg-info/dependency_links.txt xkcdpass-1.14.3/xkcdpass.egg-info/entry_points.txt xkcdpass-1.14.3/xkcdpass.egg-info/not-zip-safe xkcdpass-1.14.3/xkcdpass.egg-info/PKG-INFO xkcdpass-1.14.3/xkcdpass.egg-info/SOURCES.txt xkcdpass-1.14.3/xkcdpass.egg-info/top_level.txt root@kerneltalks # cd xkcdpass-1.14.3 root@kerneltalks # python setup.py install running install running bdist_egg running egg_info writing xkcdpass.egg-info/PKG-INFO writing top-level names to xkcdpass.egg-info/top_level.txt writing dependency_links to xkcdpass.egg-info/dependency_links.txt writing entry points to xkcdpass.egg-info/entry_points.txt reading manifest file 'xkcdpass.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' writing manifest file 'xkcdpass.egg-info/SOURCES.txt' installing library code to build/bdist.linux-x86_64/egg running install_lib running build_py creating build creating build/lib creating build/lib/xkcdpass copying xkcdpass/xkcd_password.py -> build/lib/xkcdpass copying xkcdpass/__init__.py -> build/lib/xkcdpass creating build/lib/xkcdpass/static copying xkcdpass/static/eff-long -> build/lib/xkcdpass/static copying xkcdpass/static/eff-short -> build/lib/xkcdpass/static copying xkcdpass/static/eff-special -> build/lib/xkcdpass/static copying xkcdpass/static/fin-kotus -> build/lib/xkcdpass/static copying xkcdpass/static/ita-wiki -> build/lib/xkcdpass/static copying xkcdpass/static/legacy -> build/lib/xkcdpass/static copying xkcdpass/static/spa-mich -> build/lib/xkcdpass/static creating build/bdist.linux-x86_64 creating build/bdist.linux-x86_64/egg creating build/bdist.linux-x86_64/egg/xkcdpass copying build/lib/xkcdpass/xkcd_password.py -> build/bdist.linux-x86_64/egg/xkcdpass copying build/lib/xkcdpass/__init__.py -> build/bdist.linux-x86_64/egg/xkcdpass creating build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/eff-long -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/eff-short -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/eff-special -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/fin-kotus -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/ita-wiki -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/legacy -> build/bdist.linux-x86_64/egg/xkcdpass/static copying build/lib/xkcdpass/static/spa-mich -> build/bdist.linux-x86_64/egg/xkcdpass/static byte-compiling build/bdist.linux-x86_64/egg/xkcdpass/xkcd_password.py to xkcd_password.pyc byte-compiling build/bdist.linux-x86_64/egg/xkcdpass/__init__.py to __init__.pyc creating build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO copying xkcdpass.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO creating dist creating 'dist/xkcdpass-1.14.3-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it removing 'build/bdist.linux-x86_64/egg' (and everything under it) Processing xkcdpass-1.14.3-py2.7.egg creating /usr/lib/python2.7/site-packages/xkcdpass-1.14.3-py2.7.egg Extracting xkcdpass-1.14.3-py2.7.egg to /usr/lib/python2.7/site-packages Adding xkcdpass 1.14.3 to easy-install.pth file Installing xkcdpass script to /usr/bin Installed /usr/lib/python2.7/site-packages/xkcdpass-1.14.3-py2.7.egg Processing dependencies for xkcdpass==1.14.3 Finished processing dependencies for xkcdpass==1.14.3 |
Now running xkcdpass command will give you a random set of dictionary words like below –
1 2 3 4 | root@kerneltalks # xkcdpass broadside unpadded osmosis statistic cosmetics lugged |
You can use these words as input to other commands like md5sum to get the random password (like below) or you can even use the Nth letter of each word to form your password!
1 2 3 4 5 6 7 | root@kerneltalks # xkcdpass |md5sum 45f2ec9b3ca980c7afbd100268c74819 - root@kerneltalks # xkcdpass |md5sum ad79546e8350744845c001d8836f2ff2 - |
Or even you can use all those words together as such a long password which is easy to remember for a user and very hard to crack using the computer program.
There are tools like Diceware, KeePassX, Revelation, PasswordMaker for Linux which can be considered for making strong random passwords.
There’s an another simple way to do that
Running:
head -c 21 /dev/urandom |base64
You can change the number in order to get more characters
I remain mystified about the raison d’etre for these applications. They are not any good for generating passwords that people will remember; there are several techniques to create passwords off the top of one’s head that will be reasonably difficult to break, and memorable at the same time. When it comes generating random passwords that will be protected by a master password, piping /dev/[u]random, as suggested, is more than enough. For throwaway passwords (for sites that obnoxiously force you to register, even if you are going to visit them once) they are irrelevant. Quite frankly, they do little more than filling out a much-needed gap in the Linux world.
good article
thanks for sharing this article