makepasswd

Generate a random password (8 to 10 characters long, containing letters and numbers)

$ makepasswd

$ makepasswd --chars [10]

$ makepasswd --minchars [5] --maxchars [10]

$ makepasswd --string [bar]

makepasswd [ password ]

If password is provided as an argument, it is encrypted. If omitted, makepasswd reads the password from standard input.

password
    The cleartext password to be encrypted. If provided on the command line, it is directly processed. Otherwise, the command will prompt for or read the password from standard input.

The makepasswd command is a utility designed to encrypt a given password using the traditional DES (Data Encryption Standard) crypt method, suitable for use in system password files like /etc/passwd or /etc/shadow.

It takes a cleartext password either as a command-line argument or from standard input, processes it through the crypt(3) function with a random salt, and then outputs the resulting encrypted hash to standard output.

Unlike some other password utilities, makepasswd does not generate random passwords; its primary function is to transform an existing password into its encrypted form.

It is often found as part of the whois package on Debian-based Linux distributions.

Limited Cryptographic Strength: makepasswd primarily uses the DES crypt algorithm, which is considered insecure and vulnerable to brute-force attacks due to its short key length and age.

No Random Generation: This command encrypts a provided password; it does not generate random, strong passwords.

Salt Generation: While it uses a random salt for each encryption, the underlying DES algorithm's weaknesses persist.

Distribution Specific: Its availability and behavior might vary across different Linux distributions, typically found in Debian-based systems as part of the whois package.

The output of makepasswd can be directly used in the password field of /etc/passwd or /etc/shadow entries.

For example, echo "mysecret" | makepasswd would output a string like abCdefGhijklM which could then be manually inserted into a user's password field.

The makepasswd utility has historically been included as part of the whois client package, particularly on Debian and its derivatives.

Its design reflects an older approach to password management, primarily serving the need to generate crypt(3) compatible password hashes, often for manual entry into password files or scripts.

With the advent of stronger hashing algorithms (like SHA-256, SHA-512, Blowfish) and more sophisticated password management tools, its direct usage has become less common for new system deployments.

However, it remains available for compatibility with legacy systems or specific administrative tasks where DES-encrypted passwords are still required.

passwd(1), mkpasswd(1) (from expect package), crypt(3), openssl passwd