In this article, we will share some interesting command-line tools to generate random passwords and also show how to encrypt and decrypt passwords with or without the salt (a security measure used in password hashing) method.
Security is one of the major concerns of the digital age. We set passwords on computers, email, cloud, phones, documents, and whatnot. We all know the basics of choosing a password that is easy to remember and hard to guess.
What about generating passwords automatically by machine, using pwgen or makepasswd, command-line password generators that produce random passwords based on length, complexity, and character?
PWgen – Generate a Random Password on Linux
To generate a random unique password of length equal to 10 characters use the ‘pwgen‘ command. If you have not installed pwgen, you can install it using your respective package managers as shown.
$ sudo apt install pwgen         [On Debian, Ubuntu and Mint]
$ sudo yum install pwgen         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/pwgen  [On Gentoo Linux]
$ sudo apk add pwgen             [On Alpine Linux]
$ sudo pacman -S pwgen           [On Arch Linux]
$ sudo zypper install pwgen      [On OpenSUSE]
Once ‘pwgen‘ is installed, you can use it to generate a single password as shown.
$ pwgen 10 1
To generate several random unique passwords of character length 50 in one go, use:
$ pwgen 50
Makepasswd – Generate Unique Passwords on Linux
The makepasswd command is another password generator that is used to generate unique random passwords based on a given length.
Before you can use the makepasswd command, make sure you have installed it. If not, you may install it using your distribution’s package manager as shown.
$ sudo apt install makepasswd         [On Debian, Ubuntu and Mint]
$ sudo yum install makepasswd         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/makepasswd  [On Gentoo Linux]
$ sudo apk add makepasswd             [On Alpine Linux]
$ sudo pacman -S makepasswd           [On Arch Linux]
$ sudo zypper install makepasswd      [On OpenSUSE]
To generate a random password of character length 10 (default value is 10).
$ makepasswd
To generate a random password of character length 50.
$ makepasswd --char 50
To generate 7 random passwords of 20 characters.
$ makepasswd --char 20 --count 7
mkpasswd – Encrypt a Password in Linux
To encrypt a password using crypt (a Python standard library) along with the salt method.
For those who may not be aware, a salt is random data that serves as an additional input to a one-way function in order to protect passwords against dictionary attacks.
The mkpasswd command is part of the whois package, and it is not installed on most modern Linux distributions, so you need to install it using your distribution’s package manager.
$ sudo apt install whois         [On Debian, Ubuntu and Mint]
$ sudo yum install whois         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/whois  [On Gentoo Linux]
$ sudo apk add whois             [On Alpine Linux]
$ sudo pacman -S whois           [On Arch Linux]
$ sudo zypper install whois      [On OpenSUSE]
Now run the mkpasswd command, which will encrypt the password with salt. The salt value is chosen randomly and automatically, so every time you run the command below it will generate a different output.
$ mkpasswd tecmint
Running the above command will generate a random salt value and use it to create the password hash for the password “tecmint.” The output will include the generated password hash.
To generate an SHA-512 password hash with the password “tecmint”, you can use the following command:
$ mkpasswd -m sha-512 tecmint
The output will be the generated password hash, which you can use for password storage or authentication purposes.
Moreover, mkpasswd is interactive: if you don’t provide a password along with the command, it will prompt for the password interactively.
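How a stored salted hash is used for authentication, as an added example that is not part of the original article: the salt is read back out of the stored hash and the candidate password is re-hashed with it. It uses openssl passwd -6, which produces the same $6$ SHA-512 crypt format, in place of mkpasswd; the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify a password against a stored SHA-512 crypt hash.
# "openssl passwd -6" stands in for "mkpasswd -m sha-512" (same $6$ format).
# The password is fed on stdin so it is not part of the argument list.

# hash_password PASSWORD [SALT]
# Prints $6$<salt>$<hash>; a random salt is chosen when SALT is omitted.
hash_password() {
    if [ -n "$2" ]; then
        printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
    else
        printf '%s\n' "$1" | openssl passwd -6 -stdin
    fi
}

# verify_password PASSWORD STORED_HASH
# Re-hashes PASSWORD with the salt embedded in STORED_HASH (third field
# when split on '$') and returns 0 only if the result is identical.
verify_password() {
    salt=$(printf '%s' "$2" | cut -d '$' -f 3)
    [ "$(hash_password "$1" "$salt")" = "$2" ]
}

# Sample password taken from the article.
stored=$(hash_password 'tecmint')
echo "stored hash: $stored"

if verify_password 'tecmint' "$stored"; then
    echo "correct password: accepted"
fi
if ! verify_password 'Tecmint' "$stored"; then
    echo "wrong password:   rejected"
fi
```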
Encrypt a String with Password in Linux
To encrypt a string say “Tecmint-is-a-Linux-Community” using aes-256-cbc encryption using a password say “tecmint” and salt.
$ echo Tecmint-is-a-Linux-Community | openssl enc -aes-256-cbc -a -salt -pass pass:tecmint -pbkdf2
In the above example, the output of the echo command is piped to the openssl command, which encrypts the input using Encoding with Cipher (enc) with the aes-256-cbc encryption algorithm and a salt, using the password (tecmint) and the -pbkdf2 algorithm.
Decrypt a String in Linux
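To decrypt the above string, use the openssl command with -aes-256-cbc and the -d (decrypt) option. The key-derivation options must match the ones used for encryption: a string encrypted with -pbkdf2 must also be decrypted with -pbkdf2. The command below omits -pbkdf2, so it only applies to ciphertext that was produced without it.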
# echo U2FsdGVkX18Zgoc+dfAdpIK58JbcEYFdJBPMINU91DKPeVVrU2k9oXWsgpvpdO/Z | openssl enc -aes-256-cbc -a -d -salt -pass pass:tecmint
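A complete round trip with matching options on both sides, as an added example that is not part of the original article. The function names and the ENC_PASS environment variable are assumptions; the passphrase is read with -pass env: so that it does not appear in the process argument list the way pass:tecmint does.

```shell
#!/bin/sh
# Added example: AES-256-CBC round trip with "openssl enc".
# ENC_PASS is an assumed variable name holding the passphrase.

# encrypt_str PLAINTEXT: prints the base64 ciphertext.
encrypt_str() {
    printf '%s' "$1" |
        openssl enc -aes-256-cbc -a -salt -pbkdf2 -pass env:ENC_PASS
}

# decrypt_str CIPHERTEXT: same cipher and same -pbkdf2 key derivation.
decrypt_str() {
    printf '%s\n' "$1" |
        openssl enc -d -aes-256-cbc -a -pbkdf2 -pass env:ENC_PASS
}

# decrypt_no_pbkdf2 CIPHERTEXT: identical except that -pbkdf2 is missing,
# so a different key is derived from the same passphrase.
decrypt_no_pbkdf2() {
    printf '%s\n' "$1" |
        openssl enc -d -aes-256-cbc -a -pass env:ENC_PASS 2>/dev/null
}

# Sample passphrase and string taken from the article.
export ENC_PASS='tecmint'
msg='Tecmint-is-a-Linux-Community'

ct=$(encrypt_str "$msg")
# The output starts with U2FsdGVkX1, the base64 of the "Salted__" header
# that precedes the random salt, so it differs on every run.
echo "ciphertext: $ct"
echo "decrypted:  $(decrypt_str "$ct")"

if [ "$(decrypt_no_pbkdf2 "$ct")" != "$msg" ]; then
    echo "without -pbkdf2 the plaintext is not recovered"
fi
```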
That’s all for now. If you know any such tips and tricks, you may share them in the comment section. Your tip will be published under your name, and we will also include it in our future article.
Hello,
What about the command: “openssl rand”. Is it good enough to be a part of this article?
You are Boss…Linux ka Maha-Guru
Thanks Ravindra,
For such a feedback. You made my day man!
Great site of linux I have ever seen
Thanks Mahendra for your appreciation,
Keep connected.
Interesting! Great article, thank you!
Tecmint is a great web site. Always helpful.
Thank you @Noob for such feedback.
Keep Connected! Keep Commenting…
$ echo $RANDOM | md5sum | cut -c 1-8
Thanks aaa. We will include your tips in our “Linux Tips and tricks article” (& will elaborate it there).
Keep connected and keep commenting.
Be aware that the value returned by $RANDOM is between 0 and 32767 so this method is not very secure. You should add a seed. Also, the output contains only 8 hexadecimal numbers and so should be easy to crack by brute force.
echo FooBar$RANDOM | md5sum | base64 | cut -c 1-8
Another alternative is to generate random bytes using /dev/urandom (or even better using /dev/random but that one can be very slow) and to convert them to characters using base64
cat /dev/urandom | base64 | head -n 1 | cut -c 1-8
On second thought, applying base64 to the output of md5sum, so a hexadecimal number, is even worse because that seriously limits the possibilities.
Here is a small bash command that shows the probability of finding a character at each rank 1-8. This is of course cyclic since base64 encodes 3 input bytes in 4 characters.
# for ((j=1;j<=8;j++)) ; do echo === $j ; for ((i=0;i<1000;i++)) ; do echo $RANDOM | md5sum | base64 | cut -c $j ; done | sort | uniq -c ; done
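The point made in the comment above, computed exhaustively instead of sampled, as an added example that is not part of the original comments: it enumerates every 3-character hex input and counts the base64 characters possible at each of the 4 output positions, then draws a password from /dev/urandom over a full alphanumeric set. The function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed for illustration; not from the article or comments).

HEX='0 1 2 3 4 5 6 7 8 9 a b c d e f'

# b64_hex_charset_size POSITION
# Number of distinct base64 characters possible at POSITION (1-4) of a
# 4-character group when all 3 input bytes are hex digits, which is the
# case for "md5sum | base64". All 16^3 inputs go through one base64 call.
b64_hex_charset_size() {
    for a in $HEX; do for b in $HEX; do for c in $HEX; do
        printf '%s' "$a$b$c"
    done; done; done |
        base64 | tr -d '\n' | fold -w 4 | cut -c "$1" |
        LC_ALL=C sort -u | wc -l | tr -d ' '
}

# gen_password LENGTH
# LENGTH characters drawn uniformly from [A-Za-z0-9] using the kernel
# CSPRNG. tr discards bytes outside the set, so there is no modulo bias.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

for pos in 1 2 3 4; do
    echo "position $pos: $(b64_hex_charset_size "$pos") of 64 characters possible"
done
echo "16 characters from /dev/urandom: $(gen_password 16)"
```

Positions 5-8 of the 8-character output repeat the pattern of positions 1-4, because each group of 4 base64 characters encodes 3 input bytes.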
@Stef,
Thanks for the tips….:)
Which app do you use for animated command line?
Dear Plazma,
I am sorry, but it is a project developed by us and we have not named it yet. At this point we have not even concluded to publish the software under any particular Licence.
Keep connected!
Hi Avishek,
Could you tell me how you make those animated gif captures, please? It is very nice.
Thanks
Dear Carl,
I am sorry, but it is a project developed by us and we have not named it yet. At this point we have not even concluded to publish the software under any particular Licence.
Keep connected!
Hi Avishek, I tried your examples but I’m stuck with the example of “mkpasswd”. I tried to install it using apt-get but it didn’t find the package. I searched with apt-cache search and found something, but it turns out to be another program, “mkpasswd.pl”, which doesn’t have the ability to use the “Salt”. Could you please tell me how to install this tool?
Thanks in advance
# yum install expect
or
# apt-get install expect
Hope this helps…