Script Day: “secure” password generated one liner

Ever needed to create a “secure” password to register to a web site(1) and you couldn’t be bothered to invent a secure password? Just paste this command line to your terminal:

ruby -e 'puts [*"a".."z",*"A".."Z",*"0".."9",
  "!@#$%^&*()_+[]/-=.,".split("")
  ].shuffle[0..(ARGV.shift.to_i)].join' 16

The last argument is the number of characters to put into the password.


  1. that probably annoyingly require “at least 1 upper case letter, 1 lower case letter, 1 number and 1 special character” []

2 Responses to “Script Day: “secure” password generated one liner”

  1. Amir:

    Your distro should have the program to do: `pwgen -s -y 16 1`

    Otherwise, you can use the “standard” `cat /dev/urandom | tr -dc ‘[:alnum:][:punct:]’ | head -c 16; echo`, which properly uses the system’s random source instead of some programming language’s PRNG, although it throws a few perfectly good bits of entropy to waste.

    BTW, re: the correct way to for a horse to staple the troubadour to a battery, someone already wrote that script: https://github.com/redacted/XKCD-password-generator

  2. Oded:

    Thanks for letting me know about pwgen – I wasn’t aware of it. Its not installed by default on my system, but it does appear to be useful.

    Regarding “standard” ways and dissing custom software PRNGs, if cryptographically secure random numbers are important for password generation (and I doubt they are), then my script can be “extended” like this:

    ruby -rsecurerandom -e 'puts [*"a".."z",*"A".."Z",*"0".."9","!@#$%^&*()_+[]/-=.,".split("")].
      shuffle(random: SecureRandom)[0..(ARGV.shift.to_i)].join' 16
    

    But again, not important.

    Regarding xkcdpass, I’m aware of it but these kinds of passwords I can generate myself – the problem are those annoying sites, like my bank’s – which not only requires me to use a digit and a punctuation (but no Hebrew characters) but also limits the number of characters in my password to 12 (!!), thus rejecting most passphrases.

    And lastly, you’re missing the whole point of Script Day – which is to have fun with scripting and show what can be done with just a bit of free time and an small itch 😜

Leave a Reply

 

 


Spam prevention powered by Akismet