A command-line random password generator using just the commonly available Unix utilities. Can create several passwords at once.

Muja 045a93646a Add password to clipboard directly 3 years ago

Quickly generate strong random passwords

With quickpass, you can quickly and easily generate strong passwords from the comfort of your terminal using nothing more than a few common Unix command-line utilities and device files. Here's how to use it:

To generate a single, 32-character random password, just type:

$ ./quickpass
!RM*U<AN#YI:%yQiR<L<:&q+?:Luq@6'

To generate a random password exactly 42 characters long, type:

$ ./quickpass -l 42
Y{@u&EzY\,@SOi^w,0r=gTr3V_-H|3Hk=)9g!aRfJL

To generate a list of five random passwords, type:

$ ./quickpass -n 5
G4'PEknI+A\g%fjPG\BNuH&=zlC5(W^9
X[:8E&Q`(hH\%(lf96Ye8"6x|KMR[E}+
Nt/0dP`UY2sZppNcqK?=]p9)3m?$t$|+
g^!{]Q_1TjnLcLGYJ_Ddhp&h&"Er,*XS
2oe}$P_L-6<XvA@%{Tc[f|ORyRWf&6wR

You can use these two options in any combination to suit your needs:

$ ./quickpass -n 4 -l 40
>RYK`+2HTpY-`.~2Q"/#b$S'p[oxdVH$Je[ke:Mo
!H!9H|odnqKVL;t#-;?4"qURXGn)jPtsX>tBAE~+
)p(BYr6UE,Y!2y0lt{lEnUUS,=Tz+wqPK1rwr83S
@3)[Rv3fu)Ng<uqz5n.t!d798{G(;d..XVk[}C66

Technical explanation and a note about security

quickpass is a very simple script: it takes a sample of random bytes from the /dev/urandom device and uses tr to turn them into something that is human-readable and therefore usable as a password.

The reliability of this script rests mostly on the quality of the randomness obtained from the urandom file: it should be noted that, despite its name, it's actually a pseudorandom generator (although it samples hardware noise to compensate).

This means that from a strict security standpoint, this is not a true random generator, although it's pretty good regardless. OpenSSL certs and PGP keys are also generated using those bits, so I guess it should be pretty reliable.

Entropy analysis and password strength

This excellent article by Aaron Toponce gives a good basis from which password strength can be measured: information entropy. Entropy for a password can be calculated like this:

H = L * log(N)/log(2)

Where L is the length in characters and N is the number of possibilities that a single character can be in the password. quickpass generates passwords with all printable ASCII characters (95) with roughly the same probability of appearing (about 1.05%), which gives us a per-character entropy of 6.57 bits, but how much do we need?

Aaron gives us the answer again: any password with less than 72 bits of entropy can be brute-forced by the Bitcoin Blockchain in less than a minute, hence his recommendation of 80 or more bits. The standard 32-character password generated by quickpass has an entropy of 210 bits, so you should be pretty safe.

Remember, however, that for some weird reason a few online services put a cap on how long a password can be, forcing you to use less secure passwords. Although you can easily shorten the password using the -l option, remember to stay above the 80-bit threshold, which for quickpass would be 14 characters. Anything less, and you're as vulnerable as picking passwords like monkey.
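The technique from the technical explanation and the entropy formula above, as an added example that is not quickpass's own source. The function names gen_password, entropy_bits and distinct_chars are hypothetical, and the tr invocation is one common way to keep only the 95 printable ASCII characters, assumed here rather than taken from the script.

```sh
#!/bin/sh
# Added example: sketch of the /dev/urandom + tr technique and the
# H = L * log(N)/log(2) formula. All function names are hypothetical.

# gen_password [LENGTH]
# Deletes every byte from /dev/urandom that is not one of the 95 printable
# ASCII characters (space through ~). Discarding unwanted bytes, instead of
# folding them into range with a modulo, keeps each character equally likely.
gen_password() {
    len=${1:-32}
    case $len in
        ''|*[!0-9]*) echo "length must be a positive integer" >&2; return 2 ;;
    esac
    [ "$len" -gt 0 ] || { echo "length must be a positive integer" >&2; return 2; }
    # LC_ALL=C makes tr treat the input as single bytes, not multibyte text.
    LC_ALL=C tr -dc ' -~' < /dev/urandom | head -c "$len"
    echo
}

# entropy_bits LENGTH ALPHABET_SIZE
# Prints the entropy in bits, to one decimal place.
entropy_bits() {
    LC_ALL=C awk -v l="$1" -v n="$2" \
        'BEGIN { printf "%.1f\n", l * log(n) / log(2) }'
}

# distinct_chars
# Reads text on stdin and prints how many different characters it contains.
# Run over a large sample, it confirms the alphabet really has 95 symbols.
distinct_chars() {
    LC_ALL=C fold -w 1 | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# Usage:
#   gen_password 42
#   entropy_bits 32 95    # tr alphabet (v0.2)
#   entropy_bits 32 64    # base64 alphabet (v0.1)
#   gen_password 20000 | distinct_chars
```

Comparing entropy_bits for alphabet sizes 95 and 64 shows what the switch from base64 to tr in v0.2 bought at the same length.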

Changelog

  • v0.1 - first usable version: uses base64 to produce printable characters
  • v0.2 - from a suggestion by @cmd it now uses tr to produce all printable ASCII characters for a much stronger password!