While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format. For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption Show Sample Output
Why remember? Generate! Up to 48 chars, works on any unix-like system (NB: BSD use md5 instead of md5sum) Show Sample Output
-B flag = don't include characters that can be confused for other characters (this helps when you give someone their password for the first time so they don't cause a lockout with, for example, denyhosts or fail2ban)
-s flag = make a "secure", or hard-to-crack password
-y flag = include special characters (not used in the example because so many people hate it -- however I recommend it)
"1 10" = output 1 password, make it 10 characters in length
For even more secure passwords please use the -y flag to include special characters like so:
pwgen -Bsy 10 1
output>> }&^Y?.>7Wu
Show Sample Output
/dev/urandom is cryptographically secure, and indistinguishable from true random, as it gathers data from external sources, influenced by human timing interactions with computers, to fill the entropy pool, and hashes the input with SHA-1. As such, this is a quick way to do a "true random" fair-6 dice roll. Using this method, you could easily create passphrases with Diceware http://diceware.com. Change the head(1) count to something other than 5 for more or less numbers.
According to the gpg(1) manual:
--gen-random 0|1|2 count
Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system!
If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as:
du -s /
This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password).
Show Sample Output
for Mac OS X Show Sample Output
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely completely random passwords. [from pwgen man page] Show Sample Output
Prepending env LC_CTYPE=C fixes a problem with bad bytes in /dev/urandom on Mac OS X
You need to install "sshpass" for this to work. apt-get install sshpass
Generates password consisting of alphanumeric characters, defaults to 16 characters unless argument given. Show Sample Output
The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL
"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"
openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar
Show Sample Output
Another password maker, for human-unfriendly passwords. '-base64' output will make sure it it can be typed on a keyboard, though the output string length will always be a multiple of 4. Show Sample Output
Feel free to put this in your ~/.profile:
random(){ cat /dev/urandom | env LC_CTYPE=C tr -dc $1 | head -c $2; echo; }
Then use it to generate passwords:
random [:alnum:] 16
Or DNA sequences:
random ACGT 256
shell generate random strong password Show Sample Output
Prompts the user for username and password, that are then exported to http_proxy for use by wget, yum etc Default user, webproxy and port are used. Using this script prevent the cleartext user and pass being in your bash_history and on-screen Show Sample Output
Of course you will have to install Digest::SHA and perl before this will work :) Maximum length is 43 for SHA256. If you need more, use SHA512 or the hexadecimal form: sha256_hex() Show Sample Output
Some snippets posted are slow on big dictionaries, this one is fast. Show Sample Output
This restricts things 3 ways: 1. No capitalized words, hence no proper names. 2. No apostrophes. 3. Restricts size to range (3,7) Show Sample Output
Generate a 18 character password from character set a-zA-Z0-9 from /dev/urandom, pipe the output to Python which prints the password on standard out and in crypt sha512 form. Show Sample Output
In this example, where the users gpg keyring has a password, the user will be interactively prompted for the keyring password. If the keyring has no password, same as above, sans the prompt. Suitable for cron jobs. ~/.gnupg/passwd/http-auth.gpg is the encrypted http auth password, for this particular wget use case. This approach has many use cases. example bash functions: function http_auth_pass() { gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null; } function decrypt_pass() { gpg2 --decrypt ~/.gnupg/passwd/"$1" 2>/dev/null; }
Generate a truly random password using noise from your microphone to seed the RNG. This will spit out 12 password with 12 characters each, but you can save this into a bash script and replace 'pwgen -ys 12 12' with 'pwgen $@' so you can pass any paramters to pwgen as you would normally do. Show Sample Output
If the password for the share your trying to mount contains special characters you can use URL escape characters. The above command uses an example as follows: username: user password: p@ss URL Encoded password: p%40ss All credit goes to Richard York: http://www.smilingsouls.net/Blog/20110526100731.html Also check out this URL Decoder/Encoder to convert your passwords. http://meyerweb.com/eric/tools/dencoder/
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for: