LinuxCommandLibrary

makepasswd

Generate secure, random passwords

TLDR

Generate a random password (8 to 10 characters long, containing letters and numbers)

$ makepasswd
copy

Generate a 10 characters long password
$ makepasswd --chars [10]
copy

Generate a 5 to 10 characters long password
$ makepasswd --minchars [5] --maxchars [10]
copy

Generate a password containing only the characters "b", "a" or "r"
$ makepasswd --string [bar]
copy

SYNOPSIS

makepasswd [options] [length]

PARAMETERS

-c
    Specifies the minimum number of digits in the password.

-d
    Specifies the minimum number of uppercase letters in the password.

-s
    Specifies the minimum number of special characters in the password.

--chars
    Use the password's chars given as parameter.

--count
    Specifies the number of passwords to generate.

--clear
    Generates the password as clear text.

--crypt
    Encrypts the password with crypt(). (default)

--md5
    Encrypts the password with md5.

--blowfish
    Encrypts the password with blowfish.

--sha-512
    Encrypts the password with SHA-512.

--rounds
    Specifies the amount of rounds for the encrypting functions.

--version
    Displays the version information.

[length]
    Specifies the length of the generated password. If omitted, a default length is used (often 8 characters).

DESCRIPTION

The makepasswd command generates random passwords, typically intended for system administration tasks such as creating user accounts or setting initial passwords for services. It employs various methods to increase randomness and security, including using a combination of uppercase and lowercase letters, numbers, and symbols.

The command offers options to customize the generated password, such as specifying the password length or choosing the encryption method to hash it for storage. By default, makepasswd often uses the crypt() function which can have security vulnerabilities and other command options are more secure. It's crucial to understand that while makepasswd generates passwords, it doesn't manage password storage; it's the user's responsibility to securely store or implement these passwords within their system.

CAVEATS

Using older encryption methods like `crypt()` is highly discouraged due to security vulnerabilities. Always opt for stronger hashing algorithms like SHA-512. Also, be mindful of where and how you store the generated password; `makepasswd` only generates the password, not its secure storage.

SECURITY CONSIDERATIONS

It's critical to choose strong encryption methods like SHA-512 and appropriate length passwords (at least 12 characters). Avoid using default settings without understanding their security implications. Consider using a more modern password manager or generator instead.
The `crypt()` function, when used with older algorithms like DES, has known security flaws and is prone to brute-force attacks. Always prioritize strong hashing algorithms.

HISTORY

The `makepasswd` command has evolved over time to incorporate more secure password generation practices. Older versions might rely on less robust random number generators or outdated encryption algorithms. Its initial purpose was to provide a simple utility for generating passwords during system administration tasks. The command development also depends on the Linux distributions.

SEE ALSO

openssl(1), pwgen(1)

Copied to clipboard