
A whole bunch of password generator websites have popped up, purporting to be able to help generate strong passwords for you. Browsers such as Chrome and Firefox have also added their own built-in password generators, and there are apps and browser extensions aplenty offering to make the world’s strongest password.
I don’t trust any of them! Maybe I’m just paranoid but I prefer to generate my own passwords. I just need to ensure my passwords contain sufficient entropy.
The Dictionary
First, you will need a decent-sized dictionary or word list. Borrow one from /usr/share/dict, for example, /usr/share/dict/english.
Next, unless you like typing obscure one-liners into the terminal, do yourself a favour and add an alias. An example is:
alias pgen="shuf -n 4 /usr/share/dict/english | xargs -d '\n' echo | tr ' ' '-'"
When the alias pgen is typed into the terminal, it executes a shuffle with the command shuf, returning 4 random words from the dictionary. It then displays them with a hyphen as a separator between each word. Some examples of the output:
$ pgen
Navarro-scrupulously-romanced-controverts
rabbi's-antitoxin-entertainments-sham
rink's-exes-byway-speedster
Wolfe-nephritis-flouncing-Harrington
crow-miles-passionless-floodlighting
Notice how some lines do not contain any uppercase letters and none contain digits. It is good practice to use mixed-case letters and numbers in passwords, so manually insert or substitute some, if preferred. That said, the entropy score on the above examples is already off the charts and these passphrases are considered just as secure as this one:
Wolf3+nephritis-flouncing%Harr1ngton
Hack that!
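To put a number on the entropy claim above, here is an added example (not from the original post) that computes the bits of entropy for words drawn by shuf from a given list and generates a passphrase with shuf reading from /dev/urandom. The function names and the constructed 8-word sample list are assumptions for illustration; the figure depends only on the list size and word count, assuming the attacker knows both.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# list are assumptions for illustration.

# unique_words FILE: the non-blank, de-duplicated lines of FILE.
unique_words() {
    sort -u "$1" | awk 'NF'
}

# passphrase_bits FILE K: entropy in bits of K words drawn uniformly and
# without replacement (what `shuf -n K` does) from FILE's unique words.
passphrase_bits() {
    n=$(unique_words "$1" | awk 'END { print NR }')
    awk -v n="$n" -v k="$2" 'BEGIN {
        if (k > n) k = n            # shuf cannot return more lines than exist
        bits = 0
        for (i = 0; i < k; i++) bits += log(n - i) / log(2)
        printf "%.1f\n", bits
    }'
}

# pgen_urandom FILE K: K hyphen-joined words, with shuf reading its random
# bytes from the kernel CSPRNG instead of its internally seeded generator.
pgen_urandom() {
    unique_words "$1" | shuf -n "$2" --random-source=/dev/urandom | paste -sd- -
}

# Constructed 8-word sample list so the script runs anywhere.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' crow miles byway sham rabbi exes rink wolf > "$SAMPLE"
echo "4 of 8 words: $(passphrase_bits "$SAMPLE" 4) bits"
echo "sample passphrase: $(pgen_urandom "$SAMPLE" 4)"
```

With a list of about 100,000 unique words (an assumed size; run passphrase_bits on your own list), four words come to roughly 66 bits.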