Generate random passwords with this Bash script

Take the hassle out of picking passwords with this simple Bash script.
212 readers like this.
Password

freeGraphicToday, via Pixabay. CC0.

Periodically, I need to come up with new passwords, some of which need to be more secure than others. My mind often seems to draw a blank when I have to create a new login, and this short Bash script fills that void. Full disclosure: I found most of this script posted somewhere and made a minor modification to it.

#!/usr/bin/env sh
echo 'Generating 12-character passwords'
for ((n=0;n<12;n++))
do dd if=/dev/urandom count=1 2> /dev/null | uuencode -m - | sed -ne 2p | cut -c-12
done

I don't know all the details of how this works, but I have done a bit of research and experimentation. The "meat" of the script is in the line beginning with do dd. You may have seen dd used to copy one disk to another, but in this case, it is used to generate one block of random characters with dev/urandom. The feedback messages from dd are stripped out, and then the characters are passed on to uuencode, whose job it is to transform the characters so that all are printable (i.e., no control characters).

The uuencode command can be obtained by installing the sharutils package.

The job of sed seems to be some further transformation so that the letters are mixed upper and lower case. Finally, cut slices off 12 characters to end with a 12-character password. The for loop runs 12 times, so you get 12 passwords.

Generating 12-character passwords 
8WMKHeXeYsND 
X+V3jWOuBWwp 
fSk6inI+LfYP 
hIPndcBOSh7m 
bb/w9mx8OlHv 
hdIOibUaMt3Y 
wl//CobIG5bR 
dih0qQQMJiXw 
BIN2QfNA4jCe 
DF0c8Auz1qL4 
RM8MMq/D8C8H 
rZIG5hbghcMy

This example output shows a pretty good jumble of characters. One thing to notice is that the only non-alphanumeric characters are / and +.

When I need a new password, I look through this output for one that "appeals" to me. If it's a password I will use frequently, I'd rather it be something I think I can eventually remember.

There is no reason to use these literally as they are; you can add or modify characters as you want. I mostly use eight-character passwords. Some places require a password to have specific elements, such as at least one lower-case letter, one upper-case letter, one number, and one symbol.

If I don't like any of the passwords, I run the script again to generate another 12. Someone might comment that dev/urandom only generates pseudo-random numbers, but this script certainly does a much better job than I could do on my own.

What to read next
Greg Pittman
Greg is a retired neurologist in Louisville, Kentucky, with a long-standing interest in computers and programming, beginning with Fortran IV in the 1960s. When Linux and open source software came along, it kindled a commitment to learning more, and eventually contributing. He is a member of the Scribus Team.

10 Comments

Or just: $ pwgen 12

Though: "Please note that there are security flaws in pronounceable password generation schemes (see Ganesan / Davis "A New Attack on Random Pronounceable Password Generators", in "Proceedings of the 17th National Computer Security Conference (NCSC), Oct. 11-14, 1994 (Volume 1)", http://csrc.nist.gov/publications/history/nissc/ 1994-17th-NCSC-proceedings-vol-1.pdf, pages 203-216)

Also note that the FIPS 181 standard from 1993 has been withdrawn by NIST in 2015 with no superseding publication. This means that the document is considered by its publicher as obsolete and not been updated to reference current or revised voluntary industry standards, federal specifications, or federal data standards.

apg has not seen upstream attention since 2003, upstream is not answering e-mail, and the upstream web page does not look like it is in good working order. The Debian maintainer plans to discontinue apg maintenance as soon as an actually maintained software with a compariable feature set becomes available."

https://packages.debian.org/buster/apg

In reply to by Tim Schaller

Great script and concept! Just a short explanation about the sed command.
The sed command options are -ne -n means don't print out all lines , -e means use the following option as the command, 2p means print only the second line of the output of uuencode because the first line and last are headers and footers.
Uuencode outputs both upper and lower case.

Don't forget the famous "Correct Horse Battery Staple" cartoon...

https://xkcd.com/936/

I much prefer pass-phrases when I'm allowed, as the length really does help in remembering what they are, and for the overall security.

Don't even get me started on the evils of password ageing..!

I think this one is way much neater.

alias pass1='echo -e "Password Generator\n";tr -cd [:alnum:] < /dev/urandom | fold -w16 | head -n1'

alias pass2='echo -e "Randomest Password Generator\n";tr -cd [:alnum:][:punct:] < /dev/urandom | fold -w16 | head -n1'

or use mktemp -u XXXXXXXXXXXX. The number of X is password length.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.