Syndiaction / RSS Feed
Subscribe to posts
Bityard Blog
Add me on XING
Add me on vutuv
Fork me on GitHub
Table of Contents
Introduction
A generator for pronounceable passwords
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely completely random passwords. In particular, passwords generated by pwgen without the -s option should not be used in places where the password could be attacked via an off-line brute-force attack. On the other hand, completely randomly generated passwords have a tendency to be written down, and are subject to being compromised in that fashion.
The pwgen program is designed to be used both interactively, and in shell scripts. Hence, its default behavior differs depending on whether the standard output is a tty device or a pipe to another program. Used interactively, pwgen will display a screenful of passwords, allowing the user to pick a single password, and then quickly erase the screen. This prevents someone from being able to “shoulder surf” the user's chosen password.
When standard output (stdout) is not a tty, pwgen will only generate one password, as this tends to be much more convenient for shell scripts, and in order to be compatible with previous versions of this program.
Links
General
Docs
None
Files and Directories
None
General Files and Directories
None
Configuration Files
None
Getting Help
Manual pages:
user@host:~$ man pwgen
Install
To install pwgen on Debian:
root@host:~$ apt-get update root@host:~$ apt-get -y install pwgen
Configuration
None
Usage
General Usage
user@host:~$ pwgen [OPTIONS] [PASSWORD LENGTH] [NUMBER OF PASSWORDS]
Command Line Parameters
Output Formatting
| Option | Description |
|---|---|
-1 | Print the generated passwords one per line. |
-C | Print the generated passwords in columns. This is the default if the standard output is a tty device. |
Password Complexity
| Option | Description |
|---|---|
-0, –no-numerals | Don't include numbers in the generated passwords. |
-A, –no-capitalize | Don't bother to include any capital letters in the generated passwords. |
-B, –ambiguous | Don't use characters that could be confused by the user when printed, such as “l” and “1”, or “0” or “O”. This reduces the number of possible passwords significantly, and as such reduces the quality of the passwords. It may be useful for users who have bad vision, but in general use of this option is not recommended. |
-c, –capitalize | Include at least one capital letter in the password. This is the default if the standard output is a tty device. |
-n, –numerals | Include at least one number in the password. This is the default if the standard output is a tty device. |
-s, –secure | Generate completely random, hard-to-memorize passwords. |
-v, –no-vowels | Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels. It provides less secure passwords to allow system administrators to not have to worry with random passwords accidentally contain offensive substrings. |
-y, –symbols | Include at least one special character in the password. |
Example Usage
To generate one password with a length of 16 characters, consisting of lower and upper case characters, numerals and symbols in random order:
user@host:~$ pwgen -sync 16 1
To generate 5 pronouncable passwords with a length of 32 characters, excluding ambiguous characters such as “l” and “1”, or “0” and “O”:
user@host:~$ pwgen -B 32 5
Status Check
None
Recipies
None
Known Issues
None
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International