One-liner to generate an easily memorable password?
First of all, install a dictionary of a language you're familiar with, using:
sudo apt-get install <language-package>
To see all available packages:
apt-cache search wordlist | grep ^w
Note: all installation instructions assume you're on a Debian-based OS.
After you've installed a dictionary, run:
WORDS=5; LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${WORDS} | paste -sd "-"
Which will output, e.g.:
blasphemous-commandos-vasts-suitability-arbor
To break it down:
WORDS=5; — choose how many words you want in your password.
LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words — choose only words containing lowercase alphabet characters (it excludes words with ' in them or funky characters like in éclair). LC_ALL=C ensures that [a-z] in the regex won't match letter-like symbols other than lowercase letters without diacritics.
shuf --random-source=/dev/urandom -n ${WORDS} — choose as many WORDS as you've requested. --random-source=/dev/urandom ensures that shuf seeds its random generator securely; without it, shuf defaults to a secure seed, but may fall back to a non-secure seed on some systems such as some Unix emulation layers on Windows.
paste -sd "-" — join all words using - (feel free to change the symbol to something else).
Alternatively you can wrap it in a function:
#!/bin/bash
function memorable_password() {
    words="${1:-5}"
    sep="${2:--}"
    LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${words} | paste -sd "$sep"
}
or
#!/bin/sh
memorable_password() {
    words="$1"
    if [ -z "${words}" ]; then
        words=5
    fi
    sep="$2"
    if [ -z "${sep}" ]; then
        sep="-"
    fi
    LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${words} | paste -sd "$sep"
}
Both of which can be called as such:
memorable_password 7 _
memorable_password 4
memorable_password
Returning:
skipped_cavity_entertainments_gangway_seaports_spread_communique
evaporated-clashes-bold-presuming
excelling-thoughtless-pardonable-promulgated-forbearing
Bonus
For a nerdy and fun, but not very secure password, that doesn't require dictionary installation, you can use (courtesy of @jpa):
WORDS=5; man git | \
tr ' ' '\n' | \
egrep '^[a-z]{4,}$' | \
sort | uniq | \
shuf --random-source=/dev/urandom -n ${WORDS} | \
paste -sd "-"
I don't do this with standard utilities that are not designed with cryptographic use in mind. There is no reason to believe they're using a csPRNG or that they're seeding it properly, and someone who knows your method will be able to reproduce your passphrases. Likewise, beware of multi-purpose utilities if you aren't sure how to use them properly.
pwqgen from passwdqc.
You need a wordlist dictionary; since you mention bitcoin, most likely you want this one:
https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
If your native language is not English, there are wordlists for other languages available in the same repository.
Given this english.txt file, you can do a random selection with shuf:
$ shuf -n 4 english.txt
anchor
neck
trumpet
response
Note you'll need way more than just 4 words for a truly secure passphrase. 4 words is for an online service where the number of attempts an attacker might do is very limited. I think the bitcoin recommendation is 16 words, not sure.
Also in this example, each word may only appear once. If you wish to allow repeated words, add the --repeat option:
$ shuf -n 4 -r english.txt
That would allow each word to appear more than once.
If you want the output in one line, you can just add xargs echo:
$ shuf -n 4 english.txt | xargs echo
math easily cube daughter
Or if you prefer command substitution:
$ echo $(shuf -n 4 -r english.txt)
photo milk roast ozone
On a sidenote, I don't find this style of password to be easily memorable.
Well, actually I got very lucky with math easily cube daughter since that just happens to make it easy to think of a story where your daughter can easily do math with cubes or whatever. It's something humans can relate to, as is the horse in XKCD's example.
But what the heck is a anchor neck trumpet response? I'm not a comic book author with creativity to spare to come up with a mnemonic for that. So it will be forgotten in no time.
Even if you can remember the words, it's hard to remember their correct order. Was it math easily cube daughter or daughter easily math cube or something else?
And the password is supposed to be random, you're not allowed to pick and modify it.
As for bitcoin seeds, you're not really supposed to remember them. This is just a way to be able to write it down easily. Anyone can write down 16 words on a piece of paper and read them back correctly; with random letters it's much more likely to make mistakes.
If you have concerns about the randomness of shuf, add the --random-source=/dev/urandom parameter to all shuf commands.
See also https://www.gnu.org/software/coreutils/manual/html_node/Random-sources.html#Random-sources
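Added example (not part of any answer above): shell functions that estimate the entropy of the shuf pipelines on this page, using the first answer's grep -x '[a-z]*' filter and modelling shuf -n both without and with -r. The function names and the generated 2048-line sample list (the size of the BIP-39 english.txt list) are assumptions for illustration, and the figures assume every candidate line is unique and chosen uniformly.

```shell
#!/bin/sh
# count_candidates WORDLIST: number of lines that survive the page's filter.
# As with the one-liner itself, an empty line would also pass '[a-z]*'.
count_candidates() {
    LC_ALL=C grep -cx '[a-z]*' "$1" || true
}

# passphrase_bits WORDLIST COUNT [repeat]: entropy in bits of COUNT words.
# Default models plain `shuf -n COUNT`; "repeat" models `shuf -n COUNT -r`.
passphrase_bits() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v n="$(count_candidates "$1")" -v k="$2" -v mode="${3:-norepeat}" 'BEGIN {
        if (n < 1 || (mode != "repeat" && k > n)) exit 1
        for (i = 0; i < k; i++)
            bits += log(mode == "repeat" ? n : n - i) / log(2)
        printf "%.3f\n", bits
    }'
}

# words_needed WORDLIST TARGET_BITS: smallest word count (repeats allowed)
# whose entropy reaches TARGET_BITS.
words_needed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v n="$(count_candidates "$1")" -v t="$2" 'BEGIN {
        if (n < 2) exit 1
        per = log(n) / log(2)
        k = int(t / per)
        if (k * per < t - 1e-9) k++   # round up, tolerating float error
        print k
    }'
}

# Constructed sample list: 2048 distinct lowercase strings, plus three lines
# the filter must reject (apostrophe, diacritic, capital letter).
sample=$(mktemp)
awk 'BEGIN { for (i = 0; i < 2048; i++)
    printf "%c%c%c\n", 97 + int(i / 676), 97 + int(i / 26) % 26, 97 + i % 26 }' > "$sample"
printf '%s\n' "don't" 'éclair' 'Abc' >> "$sample"

echo "candidates:          $(count_candidates "$sample")"
echo "4 words, no repeats: $(passphrase_bits "$sample" 4) bits"
echo "4 words, repeats:    $(passphrase_bits "$sample" 4 repeat) bits"
echo "12 words, repeats:   $(passphrase_bits "$sample" 12 repeat) bits"
echo "words for 128 bits:  $(words_needed "$sample" 128)"
```

To get figures for a real list, pass /usr/share/dict/words or english.txt as the first argument instead of the sample file.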