A generator for random passwords
apg generates several random passwords. It uses several password generation algorithms (currently two) and a built-in pseudo random number generator.
Default algorithm is pronounceable password generation algorithm designed by Morrie Gasser and described in A Random Word Generator For Pronounceable Passwords National Technical Information Service (NTIS) AD-A-017676. The original paper is very old and had never been put online, so I have to use NIST implementation described in FIPS-181.
Another algorithm is simple random character generation algorithm, but it uses four user-defined symbol sets to produce random password. It means that user can choose type of symbols that should appear in password. Symbol sets are: numeric symbol set (0, …, 9) , capital letters symbol set (A, …, Z) , small letters symbol set (a, …, z) and special symbols symbol set (#, @, !, …).
Built-in pseudo random number generator is an implementation of algorithm described in Appendix C of ANSI X9.17 or RFC1750 with exception that it uses CAST or SHA-1 instead of Triple DES. It uses local time with precision of microseconds (see gettimeofday(2)) and /dev/random (if available) to produce initial random seed.
apg also have the ability to check generated password quality using dictionary. You can use this ability if you specify command-line options -r dictfile or -b filtername where dictfile is the dictionary file name and filtername is the name of Bloom filter file. In that dictionary you may place words (one per line) that should not appear as generated passwords. For example: user names, common words, etc. You even can use one of the dictionaries that come with dictionary password crackers. Bloom filter file should be created with apgbfm utility included in apg distribution. In future releases I plan to implement some other techniques to check passwords (like pattern check) just to make life easier.
http://www.adel.nursat.kz/apg/ (currently offline)
/usr/share/doc/apg/APG_TIPS
None
| File or Directory | Description |
|---|---|
/etc/apg.conf | System-wide apg configuration for all users on the system. |
Manual pages:
user@host:~$ man apg
For the bloom filter program:
user@host:~$ man apgbfm
To install apg on Debian:
root@host:~$ apt-get update root@host:~$ apt-get -y install apg
Any command line option can be added to the Variable APG_PARM in the configuration file /etc/apg.conf.
user@host:~$ apg
| Option | Description |
|---|---|
-d | Do NOT use any delimiters between generated passwords. |
-y | Print generated passwords and crypted passwords (see man crypt(3)). |
-q | Quiet mode, do not print warnings. |
-l | Spell genetated passwords. |
-t | Print pronunciation for generated pronounceable password. |
| Option | Description |
|---|---|
-a 0|1 | Algorithm used for password generation.\\0 - (default) pronounceable password generation.\\1 - random character password generation. |
-n num | Generate num number of passwords. Default is 6. |
-m min | Generate passwords with minimum length min. Default minimum password length is 8. |
-x max | Generate passwords with maximum length max. Default maximum password length is 10. |
-M mode | Password generation mode. mode consists of: S: Generator must use special symbol set for every generated password. s: Generator should use special symbol set for password generation. N: Generator must use numeral symbol set for every generated password. n: Generator should use numeral symbol set for password generation. C: Generator must use capital symbol set for every generated password. c: Generator should use capital symbol set for password generation. L: Generator must use small letters symbol set for every generated password. l: Generator should use small letters symbol set for password generation. |
-E excl | Exclude characters in excl from password generation process. |
-s | Ask user for random sequence for password generation. |
-c seed | Use seed as a random seed for password generation. |
| Option | Description |
|---|---|
-r file | Check generated passwords for their appearance in file. |
-b file | Check generated passwords for their appearance in file, which should be created with apgbfm. |
-p min | Check every substring of the generated password for appearance in file. If any of such substrings would be found in the file then generated password would be rejected and apg(1) will generate another one. min specifies minimum substring length to check. This option is active only if -b option is defined. |
To generate one password with a length of 16 characters, consisting of lower and upper case characters, numerals and symbols in random order:
user@host:~$ apg -a 1 -M SNCL -m 16 -x 16 -n 1
To generate 5 pronouncable passwords with a length between 16 and 32 characters and showing their pronounciation:
user@host:~$ apg -a 1 -M SNCL -m 16 -x 32 -n 5 -t
None
None