How to generate and check strong passwords in Linux

strong passwords in linux


Different operations require different security layers. Accessing your email account, your social media, your bank account, and a remote server that you administer through SSH all need different security layers, and contain data which hold different “weight”.
But, in order to accessing all these operations, you will always require the same thing: a password.
We all know that a strong password is what you really need in order to be protected from attacks, and, of course, we all know that it’s better to use different passwords for different services.
A very unwise decision (and common mistake) would be using your server password to access Facebook. This decision could cause you lots of trouble.
So how can we easily manage the task of creating strong passwords?
In this tutorial, we will talk about how to generate and check your passwords.

Generate a strong password

A strong password should be composed of a mix of alphabet characters, numbers, and symbols.
A second requirement is to not use known words, birth dates or names, because you would be vulnerable to dictionary attacks.
Another important question to ask: how many characters should a password contain? There is actually no concrete answer, but having more than 16 characters is a great choice.
So, if your system has OpenSSL or GPG, you can use those tools to accomplish the generation task.
For example, with the following command we can generate with GPG:

$ gpg --gen-random --armor 1 32

In my case, just now, the result was: 6lS7cgCyT9vkCZIDQIXcgbXk7bkoVZqdZ0U4HZ4RJw8=
Similarly, with OpenSSL:

$ openssl rand -base64 32

and the output is: CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=
As you can see, it’s incredibly efficient and also very easy!
Note: Do NOT use the previous passwords! These are just examples.

Checking if your password is strong

Now that we have a password, it’s time to find out if it passes the test: is your password strong enough? Even if someone uses a brute-force attack?
In order to determine of the password is strong enough, we’re going to use cracklib.

Install cracklib on a Linux

To install cracklib on RHEL/Fedora/CentOS, just use yum:

# yum install cracklib

Type the following command to install on Debian-based systems:

# apt-get install libcrack2

So, now we will use cracklib-check command.

First, we test a simple password:

$ echo "123abcd" | cracklib-check

If you do this, you’ll get: abcd1234: it is too simplistic/systematic
And if you use a normal word?:

$ echo "admin" | cracklib-check

admin: it is based on a dictionary word
Of course, these results are not surprising. Use an everyday English word, and a dictionary based attack would be successful in no time at all.
So, it’s time to check if it was a good idea to generate two passwords!
In this case, we will use a different way of writing the command, so the passwords will not be stored in shell history:

$ cat|cracklib-check

Then, paste: CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=
You will read:
CrUk9dNutlsCErYv5U19ZWP0Pe9GwQgwdDgUNEapXjk=: OK
In this case, I don’t think anyone would be surprised that this password was given the green light. openssl command followed all the rules necessaries for creating a good, strong password.

Password managers

So, that’s all! In this tutorial we have seen how easy it can be to generate and verify a password, but don’t forget to generate a different password for each service! Unfortunately, this leaves you with an assortment of random passwords… how do you remember them all?
Of course, there is software written for this task. A good password manager is what you will need! Happy hunting!

  • Paddleless

    Check out ‘apg’. By default it generates six more-or-less pronounceable 8-12 character passwords based on upper and lowercase letters and numerals, but by specifying options you can get it to generate passwords up to 255 characters long containing upper and lowercase letters, numerals and symbols. You can define which characters may be employed in a particular password, for example excluding symbols or using a resticted symbol set if the application you will be using the password for doesn’t allow certain characters or character types.
    For example, ‘apg -a 1 -n10 -m20’ would generate ten passwords, each 20 characters long, employing any character on the keyboard except ‘space’ (I’m in the US and it uses the US keyboard set for me, I don’t know if apg adapts the symbol set to match other keyboard layouts).

  • Giuseppe Molica

    Thanks for your feedback! Of course, there are a lot of different ways to generate strong passwords (and software written specifically for that task). Here, I just wanted to use gpg and openssl.
    In fact, the “core part” of the article was showing how to CHECK if that passwords are strong or not.

  • Have you constantly attained quite a bit of cash without providing for sale a thing and also left out spending time on any kind of multi level marketing sort of work while not having to make investments anything at all. I want to let you know about a venture wherein all of the resources is certainly presented to you and additionally it is a relatively easy in addition to very simple gig. Its not necessary to design your very own domain names for example., all will be delivered to you at no cost. Individuals are likely to go to your web site so you will benefit from getting money for that. It really is as easy as that. I am earning a lot of cash at home from this job really like $20 thousand once per month or even more and if you might prefer to earn like that so therefore follow these particular easier info by going to this page >>>>> GOCHIURL.COM/15d9v