pwgen(1) - f14

1PWGEN(1)                    General Commands Manual                   PWGEN(1)
2
3
4

NAME

6       pwgen - generate pronounceable passwords
7

SYNOPSIS

9       pwgen [ OPTION ] [ pw_length ] [ num_pw ]
10

DESCRIPTION

12       The  pwgen  program generates passwords which are designed to be easily
13       memorized by humans, while being as secure  as  possible.   Human-memo‐
14       rable  passwords  are  never  going  to be as secure as completely com‐
15       pletely random passwords.  In particular, passwords generated by  pwgen
16       without  the  -s option should not be used in places where the password
17       could be attacked via an off-line brute-force attack.    On  the  other
18       hand,  completely  randomly  generated  passwords have a tendency to be
19       written down, and are subject to being compromised in that fashion.
20
21       The pwgen program is designed to be used  both  interactively,  and  in
22       shell  scripts.   Hence,  its  default  behavior  differs  depending on
23       whether the standard output is a tty device or a pipe to  another  pro‐
24       gram.  Used interactively, pwgen will display a screenful of passwords,
25       allowing the user to pick a single password, and then quickly erase the
26       screen.   This  prevents someone from being able to "shoulder surf" the
27       user's chosen password.
28
29       When standard output (stdout) is not a tty, pwgen  will  only  generate
30       one  password,  as  this  tends  to  be  much more convenient for shell
31       scripts, and in order to be compatible with previous versions  of  this
32       program.
33
34       In  addition, for backwards compatibility reasons, when stdout is not a
35       tty and secure password generation mode has not been  requested,  pwgen
36       will  generate  less  secure  passwords, as if the -0A options had been
37       passed to it on the command line.  This can be overriden using the  -nc
38       options.   In the future, the behavior when stdout is a tty may change,
39       so shell scripts using pwgen should explicitly specify the -nc  or  -0A
40       options.   The  latter  is  not recommended for security reasons, since
41       such passwords are far too easy to guess.
42

OPTIONS

44       -0, --no-numerals
45              Don't include numbers in the generated passwords.
46
47       -1     Print the generated passwords one per line.
48
49       -A, --no-capitalize
50              Don't bother to include any capital  letters  in  the  generated
51              passwords.
52
53       -a, --alt-phonics
54              This  option doesn't do anything special; it is present only for
55              backwards compatibility.
56
57       -B, --ambiguous
58              Don't use characters that could be confused  by  the  user  when
59              printed,  such  as 'l' and '1', or '0' or 'O'.  This reduces the
60              number of possible passwords significantly, and as such  reduces
61              the  quality  of  the passwords.  It may be useful for users who
62              have bad vision, but in general use of this option is not recom‐
63              mended.
64
65       -c, --capitalize
66              Include  at  least  one capital letter in the password.  This is
67              the default if the standard output is a tty device.
68
69       -C     Print the generated passwords in columns.  This is  the  default
70              if the standard output is a tty device.
71
72       -N, --num-passwords=num
73              Generate  num  passwords.  This defaults to a screenful if pass‐
74              words are printed by columns, and one password.
75
76       -n, --numerals
77              Include at least one  number  in  the  password.   This  is  the
78              default if the standard output is a tty device.
79
80       -H, --sha1=/path/to/file[#seed]
81              Will  use the sha1's hash of given file and the optional seed to
82              create password. It will allow you to compute the same  password
83              later, if you remember the file, seed, and pwgen's options used.
84              ie: pwgen -H ~/your_favorite.mp3#your@email.com gives a list  of
85              possibles  passwords for your pop3 account, and you can ask this
86              list again and again.
87
88              WARNING: The passwords generated using this option are not  very
89              random.   If you use this option, make sure the attacker can not
90              obtain a copy of the file.  Also, note that the name of the file
91              may  be  easily available from the ~/.history or ~/.bash_history
92              file.
93
94       -h, --help
95              Print a help message.
96
97       -s, --secure
98              Generate completely random, hard-to-memorize  passwords.   These
99              should  only be used for machine passwords, since otherwise it's
100              almost guaranteed that users will simply write the password on a
101              piece of paper taped to the monitor...
102
103       -v, --no-vowels
104              Generate  random passwords that do not contain vowels or numbers
105              that might be mistaken for  vowels.   It  provides  less  secure
106              passwords  to  allow  system administrators to not have to worry
107              with random passwords accidentally contain offensive substrings.
108
109       -y, --symbols
110              Include at least one special character in the password.
111

AUTHOR

113       This   version   of   pwgen    was    written    by    Theodore    Ts'o
114       <tytso@alum.mit.edu>.   It is modelled after a program originally writ‐
115       ten by Brandon S. Allbery, and then later extensively modified by  Olaf
116       Titz,   Jim  Lynch,  and  others.   It  was  rewritten  from scratch by
117       Theodore Ts'o because the original program was somewhat of a hack,  and
118       thus  hard to maintain, and because the licensing status of the program
119       was unclear.
120

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

AUTHOR

SEE ALSO