KNOWNHOST WIKI


security:misc:how-can-i-generate-a-secure-random-password

Differences

This shows you the differences between two versions of the page.

security:misc:how-can-i-generate-a-secure-random-password [2016/10/17 12:14]
mscherf added intro section
security:misc:how-can-i-generate-a-secure-random-password [2020/06/11 13:43] (current)
Karson N.
Line 3: Line 3:
 It is important to make sure each and every password used for any type of account is strong. Before we get into how to generate these passwords, let's go over some of the characteristics of strong passwords. It is important to make sure each and every password used for any type of account is strong. Before we get into how to generate these passwords, let's go over some of the characteristics of strong passwords.
  
 +
 +\\
 ===== Characteristics of Secure Passwords ===== ===== Characteristics of Secure Passwords =====
  
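Review bot: The blank line and `\\` added before the "Characteristics of Secure Passwords" heading put layout into the page source, and the same `\\` is repeated before every heading in this revision. If more space above headings is wanted, I'd set it once in the wiki template's stylesheet and leave these forced line breaks out, so later edits don't have to keep them in sync.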
Line 15: Line 17:
 Adding "special characters"((such as ''%%!@#$%^&*()_+=-{}|\][:"';<>?/.,%%'')) can help make a password "effectively longer" without adding more  characters. For this reason some applications will require you to use at least one of this type of character. However, applications differ on //which// special characters they allow. Additionally, if a password is long //enough//, then an alphanumeric password can still be as secure as a shorter password that has special characters. For this reason, it is probably easiest to generate a longer password with alphanumeric((ie, numbers and upper and lower case letters)) characters, and then add one or more special characters afterwards if required.((or if the application only allows short passwords)) Adding "special characters"((such as ''%%!@#$%^&*()_+=-{}|\][:"';<>?/.,%%'')) can help make a password "effectively longer" without adding more  characters. For this reason some applications will require you to use at least one of this type of character. However, applications differ on //which// special characters they allow. Additionally, if a password is long //enough//, then an alphanumeric password can still be as secure as a shorter password that has special characters. For this reason, it is probably easiest to generate a longer password with alphanumeric((ie, numbers and upper and lower case letters)) characters, and then add one or more special characters afterwards if required.((or if the application only allows short passwords))
  
 +\\
 ===== Storing the Passwords ===== ===== Storing the Passwords =====
  
Line 23: Line 26:
 If you do not have a password manager like these, or if the password is for something like your workstation where you have to log in before being able to even access the password manager, the next best option would be to write the passwords down. It is very important not to lose this paper. It is also strongly recommended to obfuscate the passwords, as well as which account each password is for. Make sure that when looking at the page, you will know what the passwords are and what they go to, but that someone else looking at the page will know neither. If you do not have a password manager like these, or if the password is for something like your workstation where you have to log in before being able to even access the password manager, the next best option would be to write the passwords down. It is very important not to lose this paper. It is also strongly recommended to obfuscate the passwords, as well as which account each password is for. Make sure that when looking at the page, you will know what the passwords are and what they go to, but that someone else looking at the page will know neither.
  
 +\\
 ===== Generating the Passwords ===== ===== Generating the Passwords =====
  
-If you do have a password manager like KeePassX or like LastPass, you can use the built-in password generator there, but it is also useful to know a few ways of generating strong passwords without use of these, in case you need to make up a password when you don't have these available to you. Here are some useful commands for generating long randomized passwords. If your computer uses Linux, Mac, or another Unix-like operating system, or if you are a Windows user using cygwin,((or, if you are using a newer Windows version that has added support for these commands without needing something like cygwin)) you should be able to use these commands in your computer's commandline. If this is not possible, or if you prefer to generate the passwords from within your server, you can log in via SSH and run the commands there.((Note for advanced users: These commands assume your shell is [[https://www.gnu.org/software/bash/|bash]]. If you are using something else, the syntax or commands for these tasks may vary.))+If you do have a password manager like KeePassX or like LastPass, you can use the built-in password generator there, but it is also useful to know a few ways of generating strong passwords without use of these, in case you need to make up a password when you don't have these available to you. Here are some useful commands for generating long randomized passwords. If your computer uses Linux, Mac, or another Unix-like operating system, or if you are a Windows user using cygwin,((or, if you are using a newer Windows version that has added support for these commands without needing something like cygwin)) you should be able to use these commands in your computer's commandline. If this is not possible, or if you prefer to generate the passwords from within your server, you can log in via SSH and run the commands there.((Note for advanced users: These commands assume your shell is ((https://www.gnu.org/software/bash/))[[https://www.gnu.org/software/bash/|bash]]. 
If you are using something else, the syntax or commands for these tasks may vary.))
  
 <WRAP important> These commands show example output of what the output of the command might look like. **Do NOT** use these specific passwords! Run the desired command yourself to generate your own. </WRAP> <WRAP important> These commands show example output of what the output of the command might look like. **Do NOT** use these specific passwords! Run the desired command yourself to generate your own. </WRAP>
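Review bot: In the reworked bash link, `((https://www.gnu.org/software/bash/))` opens a footnote inside the existing `((Note for advanced users: ...))` footnote, and the note is now split across two lines after `|bash]].` Nested footnote markers are likely to close the outer note early and leave a stray `))` in the rendered text. The URL is already the target of the `[[...|bash]]` link, so I'd go back to the single link and keep the note on one line.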
Line 31: Line 35:
 Here are some commands to get you started. To some extent, pieces of these can be mixed and matched to get different types of results. For advanced users, you can learn more about each of these commands by typing ''%%man urandom%%'', ''%%man head%%'', ''%%man base64%%'', ''%%man tr%%'', ''%%man cut%%'', ''%%man cat%%'', ''%%man echo%%'', and/or ''%%man seq%%''. More about for loops can be found [[http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-7.html|here]]. Here are some commands to get you started. To some extent, pieces of these can be mixed and matched to get different types of results. For advanced users, you can learn more about each of these commands by typing ''%%man urandom%%'', ''%%man head%%'', ''%%man base64%%'', ''%%man tr%%'', ''%%man cut%%'', ''%%man cat%%'', ''%%man echo%%'', and/or ''%%man seq%%''. More about for loops can be found [[http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-7.html|here]].
  
 +\\
 ==== Generate one 50-character alphanumeric password ==== ==== Generate one 50-character alphanumeric password ====
  
 <code> <code>
-$ head -c 50 /dev/urandom | base64 | tr -d '/+=' | cut -c1-50 +  $ head -c 50 /dev/urandom | base64 | tr -d '/+=' | cut -c1-50 
-VIUmBnM5O6e9ULzrQIUbeBNxtifV3FnvxXguRNWUEkg7RLyj2O+  VIUmBnM5O6e9ULzrQIUbeBNxtifV3FnvxXguRNWUEkg7RLyj2O
 </code> </code>
  
 +\\
 ==== Generate one 23-character alphanumeric password ==== ==== Generate one 23-character alphanumeric password ====
  
 <code> <code>
-$ head -c 23 /dev/urandom | base64 | tr -d '/+=' | cut -c1-23 +  $ head -c 23 /dev/urandom | base64 | tr -d '/+=' | cut -c1-23 
-hoof1VnzfCkvyjRQPlRcRzr+  hoof1VnzfCkvyjRQPlRcRzr
 </code> </code>
  
 +\\
 ==== Generate one 16-character password, permitting specific special characters ==== ==== Generate one 16-character password, permitting specific special characters ====
  
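Review bot: The two-space indent added to the command and output lines inside the `<code>` blocks will show up literally, because `<code>` preserves whitespace. Readers who copy the command, or compare their output with the sample, now pick up two leading spaces. Indentation is only needed to mark code outside `<code>` tags, so I'd keep these lines flush left as in the previous revision.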
Line 50: Line 57:
  
 <code> <code>
-$ cat /dev/urandom | tr -dc '[:alnum:]!@#$%^' | head -c 16; echo "" +  $ cat /dev/urandom | tr -dc '[:alnum:]!@#$%^' | head -c 16; echo "" 
-67Rxzg0oCN6S6Qk@+  67Rxzg0oCN6S6Qk@
 </code> </code>
  
 +\\
 ==== Generate five 16-character passwords, permitting specific special characters ==== ==== Generate five 16-character passwords, permitting specific special characters ====
  
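Review bot: The `tr -dc '[:alnum:]!@#$%^'` command is fed raw bytes from /dev/urandom, and on a Mac (which the intro lists as supported) `tr` in a UTF-8 locale stops with "Illegal byte sequence" on that input. Writing it as `LC_ALL=C tr -dc '[:alnum:]!@#$%^' < /dev/urandom | head -c 16` works on both Linux and Mac, keeps `[:alnum:]` to ASCII letters and digits, and drops the extra `cat`.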
Line 59: Line 67:
  
 <code> <code>
-$ for each in $(seq 5); do cat /dev/urandom | tr -dc '[:alnum:]$%^&*' | head -c 16; echo ""; done +  $ for each in $(seq 5); do cat /dev/urandom | tr -dc '[:alnum:]$%^&*' | head -c 16; echo ""; done 
-hVEa$sryiMfaJYEN +  hVEa$sryiMfaJYEN 
-LqB7zjdPysdx43%p +  LqB7zjdPysdx43%p 
-Rf%9BkCuPUs1pLCH +  Rf%9BkCuPUs1pLCH 
-efUodde*Msvgh0LR +  efUodde*Msvgh0LR 
-xiQYFHE5HyOZPtzi+  xiQYFHE5HyOZPtzi
 </code> </code>
  
 +\\
 ==== Generate five 23-character alphanumeric passwords ==== ==== Generate five 23-character alphanumeric passwords ====
  
 <code> <code>
-$ for each in $(seq 5); do head -c 23 /dev/urandom | base64 | tr -d '/+=' | cut -c1-23; done +  $ for each in $(seq 5); do head -c 23 /dev/urandom | base64 | tr -d '/+=' | cut -c1-23; done 
-D6vx2gjJrKLdmA3QpON8IvP +  D6vx2gjJrKLdmA3QpON8IvP 
-Cs41lyWMLsFQrmyTR0qLmnD +  Cs41lyWMLsFQrmyTR0qLmnD 
-MVjASrpGdcQhH216JoCFxLf +  MVjASrpGdcQhH216JoCFxLf 
-ICaS1MwyWBFetQEKafJmrt2 +  ICaS1MwyWBFetQEKafJmrt2 
-jiKtKJqDEmZAiBtm667p83q+  jiKtKJqDEmZAiBtm667p83q
 </code> </code>
  
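Review bot: In the 23-character loop the output length is not guaranteed. `head -c 23 /dev/urandom | base64` yields 31 characters plus one `=`, and `tr -d '/+='` removes a random number of them before `cut -c1-23`, so if more than eight happen to be `/` or `+` the password silently comes out shorter than the heading promises. That is rare, but reading more bytes than needed (for example `head -c 48`) removes the case without changing the rest of the pipeline.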
security/misc/how-can-i-generate-a-secure-random-password.txt · Last modified: 2020/06/11 13:43 by Karson N.