Secure Passwords in Linux

There are many utilities in Linux that help us generate random passwords. The necessity of having a strong password is well known. The problem with random passwords is that it is nearly impossible for us to remember them. A password manager like KeePassX or KeePass2 helps here. That way, you only have to remember one password, the master password to unlock your password vault. This leads to another monkey’s tail scenario: if we lose or forget the master password, we’re doomed.

Forgot Password

Utilities you can use

OpenSSL

You can use OpenSSL to generate a random password for you with the following command:

    openssl rand -base64 20
    # This command generates 20 random bytes and prints them base64-encoded, as shown below.
    XAOuOA3ZE+RnHxHqo8tAJgT0p8k=

Urandom

We can generate random passwords with /dev/urandom like so:

    < /dev/urandom tr -dc 'A-Za-z0-9' | head -c20; echo
    # here we are using the alphanumeric charset with a length of 20 chars;
    # reading /dev/urandom needs no root privileges, so sudo is not required
    PsZo8QTxYwv5aoc2rxR1

pwgen

    pwgen -ysBv 20 -n1
    # we are generating a 20 character long password. -n1 is two flags: -n (include numbers)
    # and -1 (one password per line); to generate more passwords, add a count after the length
    9h$FR{v/*7.z$/$9zfx-

gpg

We can generate random secure passwords with gpg using the following command. We will specify a length of 20 chars.

    gpg --gen-random --armor 1 20
    # this command will generate a secure, random base64 encoded password
    B0nKqkHe/lJnu0Z6npYxvUILgYw=

SHA (Secure Hashing Algorithm)

    date +%s | sha256sum | base64 | head -c 20 ; echo
    # the only input is the current Unix time in seconds, so the output is only as unpredictable as the clock
    OWE3ZjY3YjY0MjZiZDVi

md5

    date | md5sum
    # as above, the hash input is just the current date and time
    b796eaba55e90433a3f8041203b338b4

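What the two date-based one-liners above actually produce, as an added example that is not part of the original post: the output depends only on the clock, and the 20 characters are base64 of sha256sum's hex text. The function names and the timestamp 1700000000 are constructed for illustration; random_pw is a suggested replacement that keeps the 20-character shape but reads the kernel CSPRNG.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# The post's SHA pipeline with the timestamp passed in explicitly.
# `date +%s` prints the epoch second plus a newline; printf reproduces that input.
date_pw() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 20
}

# Decode such a password back to what it encodes: sha256sum prints hex text,
# so 20 base64 characters carry only 15 hex digits (60 bits at most).
decode_pw() {
    printf '%s' "$1" | base64 -d
}

# Same 20-character shape, but from the kernel CSPRNG:
# 15 random bytes base64-encode to exactly 20 characters (120 bits, no padding).
random_pw() {
    head -c 15 /dev/urandom | base64
}

ts=1700000000   # constructed sample timestamp
echo "run 1 at $ts:  $(date_pw "$ts")"
echo "run 2 at $ts:  $(date_pw "$ts")   # identical: the clock is the only input"
echo "post's sample decodes to: $(decode_pw OWE3ZjY3YjY0MjZiZDVi)"
echo "CSPRNG-based:  $(random_pw)"
```
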
xkcdpass

xkcdpass is not installed by default (at least on Debian 12, on which I’m running these commands). It can be installed via apt install xkcdpass. This program will generate a list of words which you could use as your passphrase.

    havoc@trident:~$ xkcdpass
    palpitate arguable popper renegade eclipse boned

diceware

diceware functions in a manner similar to xkcdpass.

    havoc@trident:~$ diceware
    AmbushUnworldlyUnmadePoachCofounderDisown

You can specify the wordlist to use with the --wordlist parameter like so:

    havoc@trident:~$ diceware --wordlist en_eff
    FitHungerTrillionLevelDrinkableJarring

Use any of these utilities to generate your passwords. You could use a password manager to store these passwords. KeePass2 has an inbuilt password generator you can use to generate passwords. ⚠️ Pick your poison, stay safe online. Wherever possible, use 2FA (Two Factor Authentication). Store your backup codes (yes, you can download your backup codes for your online services, which can be used when you don’t have access to your 2FA devices. I once lost access to my Dropbox because I didn’t have my backup codes 😢) in a secure location and manner.

Stay Safe Online