man pages section 1: User Commands

Exit Print View

Updated: July 2014

pwgen (1)


pwgen - generate pronounceable passwords


pwgen [ OPTION ] [ pw_length ] [ num_pw ]


User Commands                                            PWGEN(1)

     pwgen - generate pronounceable passwords

     pwgen [ OPTION ] [ pw_length ] [ num_pw ]

     The  pwgen program generates passwords which are designed to
     be easily memorized by humans, while being as secure as pos-
     sible.   Human-memorable  passwords are never going to be as
     secure as completely completely random passwords.   In  par-
     ticular,  passwords generated by pwgen without the -s option
     should not be used in places where  the  password  could  be
     attacked  via an off-line brute-force attack.   On the other
     hand, completely randomly generated  passwords have  a  ten-
     dency  to  be written down, and are subject to being compro-
     mised in that fashion.

     The pwgen program is designed to be used both interactively,
     and  in  shell scripts.  Hence, its default behavior differs
     depending on whether the standard output is a tty device  or
     a  pipe  to another program.  Used interactively, pwgen will
     display a screenful of passwords, allowing the user to  pick
     a  single password, and then quickly erase the screen.  This
     prevents someone from being  able  to  "shoulder  surf"  the
     user's chosen password.

     When  standard output (stdout) is not a tty, pwgen will only
     generate one password, as this tends to be much more  conve-
     nient  for shell scripts, and in order to be compatible with
     previous versions of this program.

     In addition, for backwards compatibility reasons, when  std-
     out is not a tty and secure password generation mode has not
     been requested, pwgen will generate less  secure  passwords,
     as  if  the -0A options had been passed to it on the command
     line.  This can be overriden using the -nc options.  In  the
     future,  the  behavior  when  stdout is a tty may change, so
     shell scripts using pwgen should explicitly specify the  -nc
     or  -0A options.  The latter is not recommended for security
     reasons, since such passwords are far too easy to guess.

     -0, --no-numerals
          Don't include numbers in the generated passwords.

     -1   Print the generated passwords one per line.

     -A, --no-capitalize
          Don't bother to include any capital letters in the gen-
          erated passwords.

pwgen version 2.05  Last change: January 2006                   1

User Commands                                            PWGEN(1)

     -a, --alt-phonics
          This  option doesn't do anything special; it is present
          only for backwards compatibility.

     -B, --ambiguous
          Don't use characters that could be confused by the user
          when printed, such as 'l' and '1', or '0' or 'O'.  This
          reduces the number of possible passwords significantly,
          and  as  such reduces the quality of the passwords.  It
          may be useful for users who have  bad  vision,  but  in
          general use of this option is not recommended.

     -c, --capitalize
          Include  at  least  one capital letter in the password.
          This is the default if the standard  output  is  a  tty

     -C   Print  the generated passwords in columns.  This is the
          default if the standard output is a tty device.

     -N, --num-passwords=num
          Generate num passwords.  This defaults to  a  screenful
          if  passwords are printed by columns, and one password.

     -n, --numerals
          Include at least one number in the password.   This  is
          the default if the standard output is a tty device.

     -H, --sha1=/path/to/file[#seed]
          Will use the sha1's hash of given file and the optional
          seed to create password. It will allow you  to  compute
          the  same  password  later,  if  you remember the file,
          seed,  and  pwgen's  options  used.    ie:   pwgen   -H
          ~/ gives a list of pos-
          sibles passwords for your pop3 account, and you can ask
          this list again and again.

          WARNING:  The passwords generated using this option are
          not very random.  If you use this option, make sure the
          attacker can not obtain a copy of the file.  Also, note
          that the name of the file may be easily available  from
          the ~/.history or ~/.bash_history file.

     -h, --help
          Print a help message.

     -s, --secure
          Generate completely random, hard-to-memorize passwords.
          These should only be used for machine passwords,  since
          otherwise it's almost guaranteed that users will simply
          write the password on a piece of  paper  taped  to  the

pwgen version 2.05  Last change: January 2006                   2

User Commands                                            PWGEN(1)

     -v, --no-vowels
          Generate random passwords that do not contain vowels or
          numbers that might be mistaken for vowels.  It provides
          less secure passwords to allow system administrators to
          not have to worry with  random  passwords  accidentally
          contain offensive substrings.

     -y, --symbols
          Include at least one special character in the password.

     This  version  of  pwgen  was  written  by   Theodore   Ts'o
     <>.  It is modelled after a program origi-
     nally written by Brandon S. Allbery, and then  later  exten-
     sively  modified  by  Olaf Titz,  Jim Lynch, and others.  It
     was rewritten from scratch  by  Theodore  Ts'o  because  the
     original  program  was  somewhat of a hack, and thus hard to
     maintain, and because the licensing status  of  the  program
     was unclear.

     See   attributes(5)   for   descriptions  of  the  following

     |Availability   | crypto/pwgen     |
     |Stability      | Committed        |

     This  software  was   built   from   source   available   at    The  original
     community  source  was   downloaded   from    http://source-

     Further  information about this software can be found on the
     open   source   community    website    at    http://source-

pwgen version 2.05  Last change: January 2006                   3