Password Generation in the Linux Console

Posted on Thursday, June 19, 2025

Creating secure passwords is fundamental to maintaining robust cybersecurity practices. While many users rely on password managers or web-based generators, Linux provides numerous built-in and installable tools for generating strong passwords directly from the command line. As a system administrator, I frequently use a mixture of these methods in my daily work, depending on the specific requirements and security contexts I encounter. This post explores various methods to create passwords using the Linux console, from simple built-in utilities to specialized password generation tools.

Using Linux’s Random Source (/dev/urandom)

Linux provides an excellent source of randomness through /dev/urandom, which requires no additional software installation. This method uses pure “built-in tools” and offers great flexibility.

Alphanumeric Passwords

To create a 16-character password with letters and numbers:

< /dev/urandom tr -dc [:alnum:] | head -c${1:-16};echo

Passwords with Special Characters

For maximum security, include all printable characters (excluding spaces):

< /dev/urandom tr -dc [:graph:] | head -c${1:-16};echo

Letters Only

Sometimes you need passwords with only alphabetic characters:

< /dev/urandom tr -dc [:alpha:] | head -c${1:-16};echo

Mixed Letters and Numbers

A specific combination of digits and letters:

< /dev/urandom tr -dc [:digit:][:alpha:] | head -c${1:-16};echo

Using the dd Command

An alternative approach using dd for a 10-character password:

dd if=/dev/urandom bs=1 count=9 2>/dev/null | base64 -w 0 | rev | cut -b 3- | rev

Quick Password Generation with the date Command

One of the fastest ways to generate a password using Linux built-ins is leveraging the date command combined with md5sum:

Basic Method

date | md5sum

12-Character Password

date | md5sum | cut -c1-12

This method is extremely fast and requires no additional installations, though it’s less cryptographically secure than /dev/urandom methods.

pwgen - The Dedicated Password Generator

pwgen is a popular, purpose-built password generator that offers extensive customization options.

Installation

sudo apt install pwgen

Basic Usage

Generate a block of 160 8-character passwords:

pwgen

Secure 12-Character Passwords

Create secure passwords without ambiguous characters (like “l” and “1”):

pwgen -sB 12

Including Special Characters

pwgen -sBy 12

Batch Generation

Generate ten 12-character passwords in a single column (useful for bulk account creation):

pwgen -sBc 12 -n 10 -1

OpenSSL for Password Generation

OpenSSL, primarily used for encryption certificates and secure data transport, can also generate passwords.

Installation

sudo apt install openssl

Generate Random Password

Create a 12-character random password:

openssl rand -base64 12

Creating Numeric PINs with shuf

The shuf command, typically used for random permutations, excels at generating numeric PINs.

4-Digit PINs

Generate ten 4-digit PINs:

shuf -i 1000-9999 -n 10

8-Digit PINs

Generate ten 8-digit PINs:

shuf -i 10000000-99999999 -n 10

APG - Automated Password Generator

APG offers both pronounceable and random password generation options.

Installation

sudo apt install apg

Basic Usage (Pronounceable Phrases)

apg

Pure Random Characters

apg -a 1

Single 12-Character Random Password

apg -a 1 -m 12 -x 12 -n 1

Specialized Formats

Generate a 32-character hexadecimal password:

apg -a 1 -M nc -n 10 -m 26 -E GHIJKLMNOPQRSTUVWXYZ

Create a 20-digit numeric password:

apg -a 1 -m 20 -M N

Diceware - Word-Based Password Generation

Diceware creates memorable passwords using word lists, based on the concept of using dice rolls for true randomness.

Installation

sudo apt install diceware diceware-doc

Basic English Dictionary

diceware

German Dictionary

diceware -w de

Advanced Options

Five words with two special characters (characters replaced by symbols):

diceware -w de -n 5 -s 2

Five words with custom separator:

diceware -w de -n 5 -d .

Using Real Dice

For maximum security, use actual dice as the randomness source:

diceware -w de -n 5 -r realdice

Choosing the Right Method

The choice of password generation method depends on your specific needs:

Quick and simple: Use the date | md5sum method
Maximum security: Leverage /dev/urandom with special characters
User-friendly: Try pwgen for readable passwords
Memorable passwords: Use Diceware for word-based passphrases
Numeric PINs: Use shuf for clean numeric generation
Specialized requirements: APG offers the most customization options

Security Considerations

When generating passwords on the command line, remember:

Clear your bash history if it contains sensitive commands
Use /dev/urandom over /dev/random for better performance without sacrificing security
Consider the environment where you’re generating passwords - avoid shared systems for sensitive passwords
For maximum security with Diceware, use real dice rather than computer-generated randomness

Conclusion

Linux provides a wealth of options for password generation directly from the console. From simple one-liners using built-in utilities to sophisticated tools like Diceware, you can generate passwords that meet any security requirement. The key is understanding your specific needs and choosing the appropriate tool for the job. Whether you need a quick password for testing or a highly secure passphrase for production systems, Linux’s command-line tools have you covered.

Tags: linux, security, shell

ET:Legacy - Rediscovering a Classic

Happy New Year 2025! 🎉