pwqgen

Generate a passphrase

$ pwqgen

$ pwqgen random=[bitsize]

$ pwqgen config=[path/to/config_file]

$ pwqgen [[-h|--help]]

$ pwqgen --version

pwqgen [OPTION]...

-N <count>
    Specify the number of passwords to generate. Defaults to 1.

-M <length>
    Set the minimum length for the generated passwords.

-m <classes>
    Define the minimum number of character classes (uppercase, lowercase, digits, symbols) that must be present in the password.

-r <characters>
    Specify a string of characters that must NOT appear in the generated password.

-R <characters>
    Specify a string of characters that MUST appear in the generated password.

-s
    Allow sequential characters (e.g., "abc", "123") in the generated password. By default, sequential characters are avoided.

-d
    Allow double characters (e.g., "aa", "bb") in the generated password. By default, double characters are avoided.

-u
    Allow uppercase alphabetic characters (A-Z) in the password. This is enabled by default.

-l
    Allow lowercase alphabetic characters (a-z) in the password. This is enabled by default.

-n
    Allow digit characters (0-9) in the password. This is enabled by default.

-y
    Allow symbol characters (e.g., !, @, #, $) in the password. This is enabled by default.

-v
    Print verbose output, showing details about the generation process or quality checks.

-h
    Display a help message and exit.

The pwqgen command is a utility provided by the libpwquality library, designed to generate high-quality, random passwords. Unlike simpler password generators, pwqgen focuses on creating passwords that adhere to specific strength criteria, such as minimum length, inclusion of various character classes (uppercase, lowercase, digits, symbols), and avoiding easily guessable patterns like sequential or repetitive characters.

It leverages the underlying libpwquality library's logic, which is also used by system utilities like passwd to enforce password policies. This makes pwqgen particularly useful in environments where strong password security is paramount, allowing administrators and users to generate robust credentials that meet defined complexity requirements. The command offers extensive options to fine-tune the generated password's characteristics, providing flexibility while maintaining a strong focus on security.

• pwqgen relies on the system's entropy source for true randomness. Ensure your system has a sufficient amount of entropy available.
• While pwqgen helps generate strong passwords, the ultimate security depends on how these passwords are used, stored, and managed.
• The default behavior of pwqgen (e.g., avoiding sequential/double characters) is designed for security. Disabling these checks with -s or -d can reduce the password's strength.

pwqgen defines four character classes for assessing password complexity:

Uppercase: A-Z
Lowercase: a-z
Digits: 0-9
Symbols: Any character that is not uppercase, lowercase, or a digit (e.g., !, @, #, $, %, ^, &, *, etc.).

The -m option allows you to enforce a minimum number of these distinct classes in the generated password.

For true randomness, pwqgen relies on the operating system's cryptographic random number generator (e.g., /dev/urandom or /dev/random). It's important that your system has sufficient entropy, especially when generating a large number of passwords, to ensure that the generated passwords are unpredictable.

pwqgen is part of the libpwquality project, which was developed to provide a unified and robust library for password quality checking and generation on Linux systems. It addresses the need for strong password policies in system security, evolving from earlier, less comprehensive password generation and checking mechanisms.

The library, and consequently pwqgen, provides a standardized way for applications to ensure passwords meet predefined security criteria, making it a crucial component in modern system administration and user management.

passwd(1), pwgen(1), apg(1), libpwquality(7)