mkpasswd
Generate password hashes
SYNOPSIS
mkpasswd [options] [password]
PARAMETERS
-m
Specify the hashing method. Options include 'des', 'md5', 'blowfish', 'sha-256', 'sha-512' and 'crypt'.
-s
Specify the salt length. If not given, the hash method determines it.
-l
Specify the minimum password length. By default, a suitable length will be selected according to the hashing algorithm.
--rounds
Specify the number of rounds for the hashing algorithm.
DESCRIPTION
The mkpasswd command generates cryptographically strong password hashes suitable for use in shadow password files. It can either generate a random password or hash a user-provided password. The default method is based on SHA-512, offering strong security.

mkpasswd is part of the whois package and is primarily intended for automated user provisioning and systems administration tasks where password creation or updates need to be performed securely. It provides options to control the hashing algorithm, password length, and salt generation. The hashing method you choose affects both the security strength and the compatibility with different systems.

It’s crucial to store the generated passwords securely, as compromising them could grant unauthorized access to user accounts. Using mkpasswd requires careful attention to security best practices and proper management of the resulting password hashes.
CAVEATS
The security of the generated passwords depends on the hashing method used. The 'des' method is considered weak and should be avoided.
Proper handling and storage of generated passwords are essential for maintaining system security.
SECURITY CONSIDERATIONS
Always choose a strong hashing method such as SHA-512. Ensure the salt length is sufficient to prevent rainbow table attacks.
Regularly review and update your password generation policies to address emerging security threats.
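An added example (not part of mkpasswd or of the original page): a Python check that reads shadow(5)-style entries and reports hashes that fall short of the advice above, namely a weak method such as 'des', a short salt, or a low rounds value. The approved-method list and the numeric thresholds are assumptions chosen for illustration, the sample entries are constructed, and only the des, md5, sha-256 and sha-512 formats are handled.

```python
import re

# crypt(3) prefix -> method name as spelled for the page's -m option.
PREFIXES = {"1": "md5", "5": "sha-256", "6": "sha-512"}

# Policy thresholds: assumptions for this example, not mkpasswd defaults.
APPROVED = {"sha-256", "sha-512"}
MIN_SALT_CHARS = 8
MIN_ROUNDS = 100_000
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # crypt(3) uses this when no rounds= field is present
MODULAR = re.compile(r"\$(\w+)\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]*)\$([./0-9A-Za-z]+)")

def audit_hash(field):
    """Return (method, findings) for the hash field of one shadow(5) entry."""
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des", ["des is weak and should be avoided"]
    m = MODULAR.fullmatch(field)
    if not m or m.group(1) not in PREFIXES:
        return "unknown", ["format not handled by this example"]
    method, rounds, salt = PREFIXES[m.group(1)], m.group(2), m.group(3)
    findings = []
    if method not in APPROVED:
        findings.append(f"{method} is not an approved method")
    else:
        effective = int(rounds) if rounds else SHA_CRYPT_DEFAULT_ROUNDS
        if effective < MIN_ROUNDS:
            findings.append(f"rounds={effective} is below {MIN_ROUNDS}")
    if len(salt) < MIN_SALT_CHARS:
        findings.append(f"salt has {len(salt)} characters, fewer than {MIN_SALT_CHARS}")
    return method, findings

def audit_shadow(text):
    """Map each user to (method, findings); locked or empty fields are skipped."""
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or parts[1].lstrip("!") in ("", "*"):
            continue
        report[parts[0]] = audit_hash(parts[1].lstrip("!"))
    return report

# Constructed sample entries: the digests are filler, not hashes of any password.
SAMPLE = "\n".join([
    "alice:$6$rounds=656000$Zq3vT8nLw0KdYc1e$" + "A" * 86 + ":19700:0:99999:7:::",
    "bob:$6$ab$" + "B" * 86 + ":19700:0:99999:7:::",
    "carol:$1$Xy7pQ2mN$" + "C" * 22 + ":19700:0:99999:7:::",
    "dave:ab" + "D" * 11 + ":19700:0:99999:7:::",
    "svc:*:19700:0:99999:7:::",
])
```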
PASSWORD COMPLEXITY
While mkpasswd handles the generation of cryptographically secure passwords, ensuring user-provided passwords also meet complexity requirements is vital.
Consider integrating password complexity checks into your user provisioning processes.
HISTORY
mkpasswd likely originated as a utility within larger system administration tools, particularly those related to user account management and password security. Its initial development probably focused on simplifying the secure generation and management of passwords for automated processes. Its usage has broadened as system administrators increasingly rely on secure password generation in scripts and automation workflows.
SEE ALSO
passwd(1), shadow(5), crypt(3)