apg
Generate random, pronounceable passwords
TLDR
Create random passwords (default password length is 8)
Create a password with at least 1 symbol (S), 1 number (N), 1 uppercase (C), 1 lowercase (L)
Create a password with 16 characters
Create a password with maximum length of 16
Create a password that doesn't appear in a dictionary (the dictionary file has to be provided)
SYNOPSIS
apg [OPTIONS] [NUMBER_OF_PASSWORDS] [PASSWORD_LENGTH]
Common Usage Examples:
apg -a 1 -m 8 -x 12 -n 3
Generates 3 pronounceable passwords, each between 8 and 12 characters long.
apg -a 0 -M NCLSU -m 12 -x 12 -n 1
Generates 1 completely random 12-character password using Numbers, Complex, Lowercase, Special, and Uppercase characters.
apg -a 0 -m 10 -x 10 -M NCLS -E 'iIlL0oO'
Generates a 10-character random password using Numbers, Complex, Lowercase, Special characters, excluding confusing characters (i.e., 'i', 'I', 'l', 'L', '0', 'o', 'O').
PARAMETERS
-a <algorithm>
Selects the password generation algorithm: 0 for random character sequences, 1 for pronounceable words (default: 0).
-n <number>
Specifies the number of passwords to generate (default: 1).
-m <min_len>
Sets the minimum length for generated passwords (default: 8).
-x <max_len>
Sets the maximum length for generated passwords (default: 10 for pronounceable, 10 for random).
-M <mode>
Defines the character modes for random passwords. Can be a combination of N (Numbers), S (Special characters), L (Lowercase), U (Uppercase), C (Complex/All) (default: LSU).
-X <char_string>
Includes additional specified characters in the password generation pool.
-E <char_string>
Excludes specified characters from the password generation pool.
-L
Prevents the use of lowercase letters when generating random passwords (used with -M S,U,N).
-s
Uses /dev/random for entropy, which might block if entropy is low, but is considered cryptographically stronger than /dev/urandom.
-d
Generates pronounceable passwords suitable for easy typing (implies -a 1).
-t
Disables security features for faster generation (use with extreme caution, for testing only).
-q
Quiet mode; suppresses all output except the generated passwords.
-v
Verbose mode; displays program version and configuration information.
DESCRIPTION
The apg command, short for Automatic Password Generator, is a versatile command-line utility designed to generate random passwords based on various algorithms and character sets.
It primarily offers two modes of password generation:
1. Pronounceable Passwords: These are generated using a phonetic algorithm, making them easier for humans to remember and type. While convenient, they might be slightly less secure than completely random ones due to their structured nature.
2. Completely Random Passwords: These are highly secure, created from a combination of numbers, uppercase letters, lowercase letters, and special characters. They leverage cryptographically strong pseudo-random number generators (PRNGs) like /dev/urandom or /dev/random to ensure unpredictability, making them highly resistant to brute-force and dictionary attacks.
apg provides extensive options for customization, allowing users to specify the number of passwords, their minimum and maximum lengths, and the exact character pools to include or exclude. It's an essential tool for system administrators and users requiring robust, unique, and secure passwords.
CAVEATS
1. Pronounceable Passwords Security: While convenient for memorization, pronounceable passwords (-a 1) may be more susceptible to dictionary attacks or guessing algorithms that mimic human language patterns, compared to truly random character sequences.
2. Entropy Source: By default, apg uses /dev/urandom. While generally sufficient for most cryptographic purposes, some highly sensitive applications might prefer /dev/random (via the -s option), which guarantees true randomness but can block if system entropy is low.
3. Character Exclusions: Carefully consider character exclusions (-E). Removing too many characters, especially those commonly found in strong passwords, can significantly reduce the password's entropy and make it easier to crack.
<B>UNDERSTANDING PASSWORD ENTROPY</B>
The strength of a password is often measured by its entropy, expressed in bits. Higher entropy means more possible combinations, making it exponentially harder to guess. apg aims to maximize this entropy by default when generating random passwords, utilizing a wide range of character sets. When specifying character sets or lengths, users should be mindful of how these choices impact the overall entropy and, consequently, the password's strength.
<B>CHOOSING THE RIGHT ALGORITHM</B>
For maximum security where memorability is not a primary concern (e.g., machine-generated keys, initial administrative passwords, or API tokens), the random character sequence algorithm (-a 0) is highly recommended. For user passwords that need to be typed or remembered, the pronounceable algorithm (-a 1) offers a good balance between security and usability, provided it's combined with sufficient length and adherence to other best security practices.
HISTORY
apg has been a reliable utility in the Linux and Unix ecosystems for generating strong passwords since its creation. Developed by Wojtek Paczynski, it was designed to provide a robust and flexible solution for creating passwords that are both secure and, optionally, easy for humans to remember.
Its development has consistently focused on leveraging system entropy sources effectively and offering various customization options for password complexity, catering to diverse security needs. Over the years, while newer tools have emerged, apg remains a trusted and widely used command-line utility for password generation due to its proven track record and comprehensive features.