pwgen – PWGen is a password generator capable of creating large amounts of cryptographically secure random passwords or passphrases (from word lists). It uses a random pool to gather entropy from user inputs and system parameters as well as text encryption. The default should be fine for most users. For example, to get a 12-character password, use pwgen 12, and the utility will spit out a set of 120 possible passwords from which to choose (six columns, 20 rows).
-0, –no-numerals = Don’t include numbers in the generated passwords.
-1 = Print the generated passwords one per line.
-A, –no-capitalize = Don’t bother to include any capital letters in the generated passwords.
-a, –alt-phonics = This option doesn’t do anything special; it is present only for backwards compatibility.
-B, –ambiguous = Don’t use characters that could be confused by the user when printed, such as ‘l’ and ‘1’, or ‘0’ or ‘O’. This reduces the number of possible passwords significantly, and as such reduces the quality of the passwords. It may be useful for users who have bad vision, but in general use of this option is not recommended.
-c, –capitalize = Include at least one capital letter in the password. This is the default if the standard output is a tty device.
-C = Print the generated passwords in columns. This is the default if the standard output is a tty device.
-N, –num-passwords=num = Generate num passwords. This defaults to a screenful if passwords are printed by columns, and one password.
-n, –numerals = Include at least one number in the password. This is the default if the standard output is a tty device.
-H, –sha1=/path/to/file[#seed] = Will use the sha1’s hash of given file and the optional seed to create password. It will allow you to compute the same password later, if you remember the file, seed, and pwgen’s options used. ie: pwgen -H [email protected] gives a list of possibles passwords for your pop3 account, and you can ask this list again and again.
The passwords generated using this option are not very random. If you use this option, make sure the attacker can not obtain a copy of the file. Also, note that the name of the file may be easily available from the ~/.history or ~/.bash_history file.
-h, –help = Print a help message.
-s, –secure = Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords, since otherwise it’s almost guaranteed that users will simply write the password on a piece of paper taped to the monitor…
-v, –no-vowels = Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels. It provides less secure passwords to allow system administrators to not have to worry with random passwords accidentally contain offensive substrings.
-y, –symbols = Include at least one special character in the password.
pwgen 12 -s1yc
pwgen 14 -B1ycs
pwgen -B -c -N1 -n -s -y
pwgen 12 -1cn