On 08/12/2017 11:24 AM, Carmen Bianca Bakker wrote:
> On 12/08/17 17:58, Linux Kamarada wrote:
>> I've never used a GUI/CLI password generator; whenever I need one, I use
>> online ones.
>
> I heavily recommend against this. You cannot really trust that the password
> you are given on that web page is not also stored by the provider of that web
> page. You could be semi-sure by turning off internet access during password
> generation (and thus relying solely on local JavaScript), but it's honestly a
> needless risk to take.
>
> pwgen is a perfectly good tool for this purpose.

Amen! In the days of (it's all cracked or hacked), why on earth would you ever
use an online password generator that may just be a front-end to cracklib,
hashcat, John the Ripper, etc... I can't think of a more troubling thing to do
from a security standpoint than tell the internet-world "Hey, look here! I'm
genning a new password!"

pwgen is a good tool, but if you wanted to just use bash, you could do
something hackish like:

    #!/bin/bash

    pwq() {
        local len=${1:-8} i
        # length must be an integer
        test "$len" -eq "$len" &>/dev/null || {
            printf "pwq() error: integer value required.\n"
            return 1
        }
        # build the alphabet: letters, digits and (optionally) symbols
        local a=( {a..z} )
        a+=( {A..Z} )
        a+=( {0..9} )
        test "$2" = '-s' -o "$2" = '--symbol' &&
            a+=( ! @ \# $ % ^ \& \* - _ = + )
        # shuffle the alphabet; quoting and mapfile keep '*' from globbing
        local b
        mapfile -t b < <(printf "%s\n" "${a[@]}" | shuf)
        # the password is a window of the shuffled alphabet, so it must fit
        (( len >= 1 && len <= ${#b[@]} )) || {
            printf "pwq() error: length must be 1-%d.\n" "${#b[@]}"
            return 1
        }
        local start=$(( RANDOM % (${#b[@]} - len + 1) ))
        for ((i = start; i < start + len; i++)); do
            printf "%c" "${b[i]}"
        done
        echo ""
    }

    pwq "$@"

That isn't the most random generator, but it isn't bad either (and optionally
includes symbols '!@#$%^&*-_=+' if the second argument passed is '-s' or
'--symbol'.) e.g.

    $ bash pwquick.sh
    2nYNDvjy

    $ bash pwquick.sh 12
    tfrD0IxJ8mgp

    $ bash pwquick.sh 8 -s
    AYMWwb1^

    $ bash pwquick.sh 12 -s
    +mGpEb@j7RVD

-- 
David C. Rankin, J.D.,P.E.
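
A variant of the local-generation approach discussed above that draws every character independently from /dev/urandom and uses rejection sampling to avoid modulo bias, so characters can repeat and the length is not limited by the alphabet size. This is an added example, not part of the original message; the name pwrand is hypothetical, and it assumes od, cut and /dev/urandom are available.

```bash
#!/bin/bash
# Added example, not from the original message. pwrand is a hypothetical name.
# Usage: pwrand [length] [-s|--symbol]
# The body runs in a subshell "( ... )" so its variables stay local.
pwrand() (
    len=${1:-16}
    # Accept only a positive decimal integer without leading zeros.
    case $len in
        ''|*[!0-9]*|0*)
            printf 'pwrand: positive integer length required\n' >&2
            exit 1 ;;
    esac
    chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    case ${2:-} in
        -s|--symbol) chars="$chars"'!@#$%^&*-_=+' ;;
    esac
    n=${#chars}
    # limit is the largest multiple of n that fits in the byte range 0..255.
    # Bytes at or above it are discarded, so that (byte % n) selects every
    # character of the alphabet with equal probability.
    limit=$(( 256 - 256 % n ))
    out=''
    while [ "${#out}" -lt "$len" ]; do
        # Read a batch of bytes from the kernel CSPRNG as unsigned decimals.
        for byte in $(od -An -tu1 -N 32 /dev/urandom); do
            [ "$byte" -lt "$limit" ] || continue
            c=$(printf '%s' "$chars" | cut -c "$(( byte % n + 1 ))")
            out="$out$c"
            [ "${#out}" -lt "$len" ] || break
        done
    done
    printf '%s\n' "$out"
)

pwrand "$@"
```
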