One liner to create passwords in linux?

It depends on what you mean by "readable". If you want to use only hexadecimal characters, you will need 32 of them to reach 128 bits of entropy; this line will work (using only commands from the coreutils package):

head -c16 /dev/urandom | md5sum

This variant produces passwords with only lowercase letters, from 'a' to 'p' (this is what you will want if you have to "type" the password on a smartphone):

head -c16 /dev/urandom | md5sum | tr 0-9 g-p

If you want to type one less characters, try this:

head -16 /dev/urandom | md5sum

(Probability of getting all first 16 random bytes as 0x0A, i.e. the "newline" character, is 2-128, hence this line still gets 128 bits of entropy.)

Still limiting yourself to commands from coreutils, you can do this:

mktemp -u XXXXXXXXXXXXXXXXXXXXXX

This one generates a 22-character password, using /dev/urandom as internal source of randomness (I checked in the source code, and a strace call confirms). The characters are letters (uppercase and lowercase) and digits; since 6222 is greater than 2128, the 22 characters are sufficient.

Yet another one:

od -An -x /dev/urandom | head -1

this displays eight sequences of four hexadecimal digits. Arguably, this split into small sequences may help reading.

For a much longer line and a quite distinct kind of password, try this:

for i in {1..8} ; do head -$(expr $(head -c7 /dev/urandom | od -An -t dL) % $(wc -l < /usr/share/dict/british-english)) /usr/share/dict/british-english | tail -1 ; done

(this one works only on a 64-bit host; will you notice why ?). Apart from coreutils, that version also requires a dictionary file, here the one for British English.


Some fab suggestions in the other answers. I find that makepasswd is not available everywhere, and using tr is (slightly) tricky, so there's another option using OpenSSL:

openssl rand -base64 16

The number is the number of bytes of randomness - so 16 bytes for 128-bits of entropy.


Using pwgen

Simplest oneliner ever:

pwgen

It attempts to make passwords that are easy to remember. To disable that and create more secure passwords, use the --secure or -s flag.

pwgen -s

Are the generated passwords too long? Too short? Just append the desired length:

pwgen 9
# Or
pwgen -s 9
# Or
pwgen 9 -s

Similar tools

I just happen to know pwgen, there are other tools out there. You can find them using the search function from your distribution. In Debian this is:

apt-cache search password generator

It does do an exact (though case-insensitive) search. Using password generat instead broadens the search.

Before installing the package it can be useful to view its description. Again in Debian:

apt-cache show $DESIRED_PACKAGE
# E.g.
apt-cache show pwgen

Tools that I could find this way:

  • pwgen
  • makepasswd
  • apg
  • otp (meant for one-time pads, not recommended)
  • gpw (focuses heavily on pronounceability, not recommended)

Using standard Unix tools

Not all systems may have pwgen available. Like others have answered, you can use md5sum or sha256sum, but that only outputs 0-9 and a-f. No g-z or mixed case, let alone special characters. It's better to simply filter out non-printable characters from /dev/urandom until you have a password of the desired length:

cat /dev/urandom | tr -cd '@-~' | head -c 8

Which gives something like XiVsdn[y or V@FPV^lY. You can change the 8 at the end for the desired password length. You can also change the @-~ part to limit the characters. For example this will only print alphanumeric characters:

cat /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 8

This is almost identical to what pwgen -s would do and gives passwords like nZiUzNtE.

As a bonus, the tr tool is included in almost every operating system (Mac OS X, GNU/Linux, Android/Linux, Solaris, FreeBSD, etc.) except Microsoft Windows.