mjhjmtu

To generate a random password you can use pwgen:

pwgen generates random, meaningless but pronounceable passwords.
These passwords contain either only lowercase letters, or upper
and lower case mixed, or digits thrown in.
Uppercase letters and digits are placed in a way that eases
remembering their position when memorizing only the word.

Generate 7 passwords of length 13:

geek@liv-inspiron:~$ pwgen 13 7
Eu7Teadiphaec giepahl3Oyaiy iecoo9Aetaib4 phaiChae6Eivi athoo3igee8Co
Iphu4ufeDeelo aesoYi2lie9he 

As mentioned in the comments, you can avoid reducing entropy by using the -s argument (i.e. generate more secure, completely random but hard to remember passwords):

geek@liv-inspiron:~$ pwgen -s 13 7
eAfycrPlM4cYv 4MRXmZmyIVNBp D8y71iqjG7Zq7 FQRHcserl4R8O yRCUtPtV3dsqV
0vJpp2h0OrgF1 QTp7MKtJyTrjz 

To generate random user names you can use gpw:

This package generates pronounceable passwords. It uses the statistics of
three-letter combinations (trigraphs) taken from whatever dictionaries you
feed it.

Generate 7 passwords (user names) of length 13:

geek@liv-inspiron:~$ gpw 7 13
sreepoidahsas
risadiestinge
ntodynesssine
deodstestress
natinglumperm
riasigentspir
enderiferback

My favorite way to do it is by using /dev/urandom together with tr to delete unwanted characters. For instance, to get only digits and letters:

head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13 ; echo ''

Alternatively, to include more characters from the OWASP password special characters list:

</dev/urandom tr -dc 'A-Za-z0-9!"#$%&'''()*+,-./:;<=>?@[]^_`~' | head -c 13 ; echo

If you have some problems with tr complaining about the input, try adding LC_ALL=C like this:

LC_ALL=C tr -dc 'A-Za-z0-9!"#$%&'''()*+,-./:;<=>?@[]^_`~' </dev/urandom | head -c 13 ; echo

I am using the openssl command, the swiss army knife of cryptography.

openssl rand -base64 12

or

openssl rand -hex 12

Here is how, I do it. It generates 10 characters random string. You can optimize it by replacing the "fold", with other string processing tools.

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1

To generate password with the highest entropy possible with standard Linux tools that are built into every distribution I use:

< /dev/urandom tr -cd "[:print:]" | head -c 32; echo

This outputs all of the ASCII printable characters - from 32 (space) to 126 (tilde, ~). The password length can be controlled with the head's -c flag. There are also other possible character sets in tr (to not include the space, just characters 33-126, use [:graph:]).

Depending on the level of randomness you want, you could simply go with bash's (also zsh and ksh, possibly others) builtin $RANDOM variable:

$ echo $RANDOM | tr '[0-9]' '[a-zA-Z]'
bfeci
$ echo $RANDOM | tr '[0-9]' '[a-zA-Z]'
cijjj

The methods reading directly from /dev/urandom are far simpler, but for the sake of completion, you could also use $RANDOM:

echo $(for((i=1;i<=13;i++)); do printf '%s' "$RANDOM:0:1"; done) | tr '[0-9]' '[a-zA-Z]'

@Brandin explained in a comment to another answer how to get at most 100 bytes from /dev/urandom using head -c 100. Another way to do this is with dd:

tr -dc A-Za-z0-9 < /dev/urandom | dd bs=100 count=1 2>/dev/null

The 2>/dev/null at the end of the dd command is to suppress the "... records in / ... records out" output.

I'm not aware of any substantial advantages/disadvantages between these two methods.

I had an issue with both methods of tr complaining about the input. I thought this was because it didn't like receiving binary input, and hence suggested first filtering /dev/random with iconv -c -t US. However, Gilles suggested a different diagnosis and solution, which works for me:

LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | dd bs=100 count=1 2>/dev/null

You can use one of md5 tools that has precisely this purpose. In the case of creating a completely random password you can use the md5pass. It is a very simple tool to use and very helpful, since you can use "normal text" together with a "salt" to jump-bit construction of the same password that you can recover afterwards, or alternatively you may want to get a completely random password all the time. The general usage is:

md5pass [password] [salt]

where password is a chosen word that will be used for the construction of the random string and salt is the jump in bytes to be used. Like this:

md5pass word

$1$.MUittVW$j.XDTF1QRnxqFdXRUiSLs0

This will create a "a random sequence" password for you to use. If you use no salt, then you may not be able to recreate this same string afterwards.

However if you use a salt like this:

md5pass word 512

$1$512$.0jcLPQ83jgszaPT8xzds0

then you can create a sequence which you can recover if you use the word in conjunction with the same salt (or jump) if it was originally defined.

These two commands generate random passwords and passphrases, respectively.

shuf --random-source=/dev/urandom --repeat --head-count=20 file_with_characters | tr --delete 'n'

shuf --random-source=/dev/urandom --repeat --head-count=7 file_with_words | tr 'n' ' '

The password generator requires a file_with_characters containing all the characters you want the password to use, one character per line, and exactly one time each. The file must not contain blank lines, and lines must be newline-terminated.

The passphrase generator requires a file_with_words containing all the words you want the passphrase to use, one word per line, and exactly one time each. The file must not contain blank lines, and lines must be newline-terminated.

The --head-count option specifies the length of the password--in characters--or passphrase--in words.

Inspired by Pablo Repetto I ended up with this easy to remember solution:

shuf -zer -n20 A..Z a..z 0..9

-z avoids multi line output

-e echo the result

-r allow any character to appear multiple times

-n20 random string with a length of 20 characters

A..Z a..z 0..9 allowed char classes

shuf is part of the linux coreutils and widely available or at least been ported.

APG is the default software in linux distributions.

To generate passwords from size 5 to 10 in subsets Special, Numeric, Capital un Small, it is :

apg -MSNCL -m 5 -x 10

Returns

@OpVeyhym9
3:Glul
3DroomIc?
hed&Os0
NefIj%Ob3
35Quok}

As said by @landroni a comment.

A super easy and simple (probably more simple than you're looking for) way to achieve this would be to generate a random number in a given range, convert that number to its equivalent ASCII character, and append it to the end of a string.

Here's a basic example in Python:

import random # import random library 
passFile = open("passwords.txt", 'w') # create file passwords.txt
passNum = int(input("Number of passwords: ")) # get number of passwords
passLength = int(input("Password length: ")) # get length of passwords 
for i in range(passNum):
 password = "" # reset password
 for i in range(passLength):
 num = random.randint(65, 122) # get random number
 while num in range(91, 97): # Don't include punctuation
 num = random.randint(65, 122)
 password += chr(num) # add character to current password 
 passFile.write(password + "n") # add current password to file 
passFile.close() # close file

EDIT: added comments, and added code to generate multiple passwords and write them to a file

I maintain secpwgen in Alpine Linux & keep the sources on my Github.

It can produce random strings or diceware phrases:

musl64 [~]$ secpwgen
USAGE: secpwgen <-p[e] | -A[adhsy] | -r | -s[e]> N

PASSPHRASE of N words from Diceware dictionary
 -p generate passphrase
 -pe generate enhanced (with symbols) passphrase

SKEY PASSWORD of N words from S/Key dictionary
 -s generate passphrase
 -se generate enhanced (with symbols) passphrase

ASCII RANDOM of N elements (at least one option MUST be present)
 -A Each letter adds the following random elements in output:
 a alphanumeric characters
 d decimal digits
 h hexadecimal digits
 s special characters
 y 3-4 letter syllables

RAW RANDOM
 -r output BASE64 encoded string of N random BITS
 -k output koremutake encoding of N random BITS

To generate a 13 character random string you would use:

musl64 [~]$ secpwgen -Aas 13
----------------
WK5#*V<]M3<CU ;ENTROPY=67.21 bits
----------------
INFO: destroying random number generator.
INFO: zeroing memory.

musl64 [~]$ secpwgen -Aa 13
----------------
GP0FIEBM9Y3BT ;ENTROPY=67.21 bits
----------------
INFO: destroying random number generator.
INFO: zeroing memory.

For users to remember a password use the diceware phrases:

musl64 [~]$ secpwgen -p 5
----------------
wq seen list n8 kerr ;ENTROPY=65.00 bits
----------------
INFO: destroying random number generator.
INFO: zeroing memory.

I personally like:

musl64 [~]$ secpwgen -r 512
----------------
h62lL7G4gwh3/j9c7YteQvVXoqJrQKKPWVR3Lt7az36DcfWZWtUgBT19iwmJBwP4UahNzPe7qYD7OcklUFpCzQ== ;ENTROPY=512.00 bits
----------------
INFO: destroying random number generator.
INFO: zeroing memory.

I've found that piping /dev/urandom to tr on macOS didn't work. Here's another way:

set="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
n=6
rand=""
for i in `seq 1 $n`; do
 char=$set:$RANDOM % $#set:1
 rand+=$char
done
echo $rand

I use:

base64 < /dev/urandom | tr -d 'O0Il1+' | head -c 44

This gives me 57 possible characters. The string can be copy-pasted (removed + and ) or printed and retyped as the difficult to distinguish characters (I1lO0) have been removed.

• 44 characters gives me: log₂(57⁴⁴) > 256.64 bits of entropy


• 22 characters gives me: log₂(57⁴⁴) > 128.32 bits of entropy

I like this because:

• it is simple to type/remember


• it uses standard system tools - no extra binaries


• doesn't "waste" much randomness (uses 89% of the random bits it receives vs ~24% for solutions directly piping to tr)


• 22 and 44 characters pair quite nicely (just above even) common power of two breakpoints


• the output can be easily selected and pasted or printed and retyped with minimal human error rates


• shorter than hex encoded (32 and 64 instead of 22 and 44) solutions such as md5sum/sha1sum, etc.

Credit to https://unix.stackexchange.com/a/230676/9583 and especially the comments for my initial inspiration.

I'd like this command:

date +%s | sha256sum | base64 | head -c 12