Commands tagged password

echo "ls" > script.bash;

This is my script, a simple 'ls'.

gpg -c script.bash;

Here I encrypt and passord-protect my script. This creates file script.bash.gpg.

cat script.bash.gpg | gpg -d --no-mdc-warning | bash

Here I open file script.bash.gpg, decrypt it and execute it.

In this example, where the users gpg keyring has a password, the user will be interactively prompted for the keyring password.

If the keyring has no password, same as above, sans the prompt. Suitable for cron jobs.

~/.gnupg/passwd/http-auth.gpg is the encrypted http auth password, for this particular wget use case.

This approach has many use cases.

example bash functions:

function http_auth_pass() { gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null; }

function decrypt_pass() { gpg2 --decrypt ~/.gnupg/passwd/"$1" 2>/dev/null; }

/dev/urandom relies on operator input to set the random seed. By itself, this may not contain enough random bits to produce high entropy output, especially if the system was recently restarted. Therefore, key stretching through a hash reduces the risk of using low-entropy output as a security key.

Generate a 18 character password from character set a-zA-Z0-9 from /dev/urandom, pipe the output to Python which prints the password on standard out and in crypt sha512 form.

/dev/urandom relies on operator input to set the random seed. By itself, this may not contain enough random bits to produce high entropy output, especially if the system was recently restarted. Therefore, key stretching through a hash reduces the risk of using low-entropy output as a security key.

/dev/random is said to by cryptographically secure, and unpredictable, as it gathers data from external sources, influenced by human timing interactions with computers, to fill the entropy pool. As such, this is a quick way to do a true random fair-6 dice roll. Using this method, you could easily create passphrases with Diceware http://diceware.com.

Use the excellent sensiblepasswords.com to a generate random (yet easy-to-remember) password every second, and copy it to the clipboard. Useful for generating a list of passwords and pasting them into a spreadsheet.

This script uses "madebynathan"'s "cb" function (http://madebynathan.com/2011/10/04/a-nicer-way-to-use-xclip/); you could also replace "cb" with

Remove "while true; do" and "; done" to generate and copy only 1 password.

This command line will remove password from all PDF files in the current folder. It use qpdf.

Why remember? Generate!

Up to 48 chars, works on any unix-like system (NB: BSD use md5 instead of md5sum)

Permit to generate a password for userPassword in ldap.

Use ?slappasswd -g? to generate a random passowrd.

This restricts things 3 ways:

1. No capitalized words, hence no proper names.

2. No apostrophes.

3. Restricts size to range (3,7)

Some snippets posted are slow on big dictionaries, this one is fast.

The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely completely random passwords. [from pwgen man page]

According to the gpg(1) manual:

--gen-random 0|1|2 count

Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system!

If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as:

This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password).

Another password maker, for human-unfriendly passwords. '-base64' output will make sure it it can be typed on a keyboard, though the output string length will always be a multiple of 4.

This command is AIX compatible.

It will prompt the user for a new password at next logon

This command is Linux compatible.

It will prompt the user for a new password at next logon

Generates a password using symbols, alpha, and digits. No repeating chars.

Prepending

env LC_CTYPE=C

fixes a problem with bad bytes in /dev/urandom on Mac OS X

This works only with GNU date.

In solaris the command:

date +%s

doesn't work.

You can try using the following instead:

nawk 'BEGIN {print srand()}'

should give the same output as date +%s under Solaris.