Generate passwords from the commandline
I needed to generate a random password from a shell script, I figured that this was solved long ago, so I turned to teh interwebz to quickly copy/paste a working solution.
Inspecting the first few links that turned up, I noticed many of the proposed solutions are dubious at best.
The date ain’t random, buddy
The most obviously wrong are:
$ date +%s | sha256sum | base64 | head -c32 $ date | md5sum $ ping -c 1 yahoo.com | md5 | head -c8
Both SHA256 & MD5 also output in hex, so that would limit the total amount of characters to just 16, instead of 92.
tr means translate characters
Most of the other commands suffer from a dubious usage of
If your locale is set to (extended) ASCII or a variant thereof (ISO-8859-1, Windows-1252) this is more or less okay, since every byte is a character or escape code.
However, with UTF-8 or another multibyte character sets, it gets more complicated. Not every random byte stream is a valid set of UTF-8 characters, the chances of a random byte stream also being a valid UTF-8 character stream is quite small.
Yet, it seems to work on Linux with GNU tr. Why? Here’s a clue:
$ echo 'I løv€ π' | tr '[:lower:]' '[:upper:]' I LøV€ π $ echo 'I løv€ π' | tr øπ€ X I lXXvXXX XX
The astute reader will have recognized what this means, GNU tr doesn’t handle multibyte characters, and always assumes an ASCII character set, which is somewhat disappointing, since it’s 2014, not 1974.
FreeBSD, for example, does this correctly, it also gives an error message on invalid UTF-8 sequences:
$ echo 'I løv€ π' | tr '[:lower:]' '[:upper:]' I LØV€ Π $ echo 'I løv€ π' | tr øπ€ X I lXvX X $ head -c5 /dev/urandom | tr X Y tr: Illegal byte sequence $ setenv LC_CTYPE C $ head -c5 /dev/urandom | tr X Y f��!�
While I’m whining anyway…
$ openssl rand -base64 8 | md5 | head -c8
$ curl -s http://sensiblepassword.com/?harder=1
I hope you can finish the scenario from here…
Just don’t do this. Ever. Randomly banging on the keyboard is a lot better.
$ head -c100 /dev/urandom | strings -n1 | tr -d '[:space:]' | head -c15 $ openssl rand -base64 15 $ gpg2 --armor --gen-random 1 15
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Security LinkedIn passwords in circulation||J65nko||News||1||8th June 2012 04:49 AM|
|Experts: We're stuck with passwords – and maybe they're best||J65nko||News||1||17th January 2012 03:08 AM|
|Passwords||zhorik||OpenBSD General||5||14th January 2011 12:51 AM|
|Generating passwords with jot(1)||J65nko||Guides||6||5th February 2010 02:28 AM|
|Generate xorg.conf.new and black screen||aleunix||OpenBSD Packages and Ports||2||4th June 2008 10:49 AM|