Tutorial on using Pwgen to generate passwords under Linux systems

Pwgen generated passwords are easy to remember and fairly secure. Technically, easy-to-remember passwords are no more secure than randomly generated passwords. However, in most cases, the password generated by Pwgen is secure enough to require a high level of security in addition to the net-silver password. The advantage of using easy-to-remember passwords is that you don't write them down or store them somewhere on your computer, which is inherently unsafe.

Install Pwgen, enter in the terminal window (for Linux systems in the Debian series):

sudo apt-get install Pwgen

Running Pwgen without any parameters will output a full screen password. You can select one as your own password and then clear the screen. To generate a password in this way, someone is behind you, and he doesn't know which one you choose.

Run Pwgen, enter in Terminal:

Pwgen

After selecting the password, you can "clear" the terminal window content by entering clear at the terminal.

If you are sure that there is no one behind you, you can use the "1" parameter to have Pwgen generate only one password.

Pwgen-1

If you want to generate a completely random password, use the "-S" parameter.

Pwgen-1-S

If you want to increase the security level of your password, you can use special characters (such as exclamation marks, commas, and so on) in your password. Use the "-y" parameter to include at least one special character for the generated password.

Pwgen-1-s-y

Pwgen commands for more interesting parameters:
-0: The password does not contain a number.
-B,--ambiguous: Passwords do not contain easily confusing characters, such as "1" and "L", "0" and "O".
-V,--no-vowels: The password does not include a vowel or a number that may be mistaken for a vowel letter.

Here are a few specific examples:
1. Use the command Pwgen to generate a unique random password with a length of 10 characters.

$ Pwgen 10 1

Generate a unique random password

One breath generates a few sets of 50-character unique random passwords!

$ Pwgen 50

Generate multiple sets of random passwords

2. You can also use MAKEPASSWD to generate a unique random password for a given length each time. Before you play the MAKEPASSWD command, make sure that you have installed it. If it is not installed, try using APT or the YUM Package Manager to install the MAKEPASSWD package.

Generates a random password with a length of 10 characters. The length of the password generated by the command defaults to 10.

$ makepasswd

Use MAKEPASSWD to generate unique passwords

Generates a random password with a length of 50 characters.

$ makepasswd--char 50

Generate a password of length 50

Generates 7 random passwords with a length of 20 characters.

$ makepasswd--char--count 7

3. Use crypt with "salt" to encrypt a password. Provides manual or automatic adding of "salt".

For those who do not know the meaning of salt, here "salt" refers to a random data, it as a password generation function of an additional input, the purpose is to protect the password from the dictionary attack.

Before you do this, make sure that you have MKPASSWD installed.

The following command encrypts a password with "salt". The value of "salt" is randomly generated automatically. So every time you run the following command, it will produce a different output, because it receives a random value of "salt" each time.

$ mkpasswd Tecmint

Use Crypt to encrypt passwords

Now let's define the value of "salt" manually. Each time it produces the same result. Note that you can enter any value you want to enter as a "salt" value.

$ mkpasswd tecmint-s TT

With "Salt" encryption password

In addition, MKPASSWD is interactive, if you do not provide a password in the command, it will actively ask you to enter the password.

4. Use the AES-256-CBC encryption algorithm and encrypt a string (such as "tecmint-is-a-linux-community") with a "salt" password (such as "Tecmint").

# echo Tecmint-is-a-linux-community | OpenSSL enc-aes-256-cbc-a-salt-pass Pass:tecmint

Encrypt a string in Linux

In the example above, the output of the echo command is passed through the pipeline to the OpenSSL command, which encrypts the output via an encrypted encoding (enc:encoding with Cipher), which uses the AES-256-CBC encryption algorithm with a password (tecm int) and "salt".

5. Use the-AES-256-CBC decryption option of the OpenSSL command to decrypt the above string.

# echo U2fsdgvkx18zgoc+dfadpik58jbceyfdjbpminu91dkpevvru2k9oxwsgpvpdo/z | OpenSSL enc-aes-256-cbc-a-d-salt-pass Pass:tecmint

Decrypting a string in Linux

Now that's the stuff.

Tutorial on using Pwgen to generate passwords under Linux systems