Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Wednesday, July 27, 2022

pwgen (1)


pwgen - generate pronounceable passwords


pwgen [ OPTION ] [ pw_length ] [ num_pw ]


PWGEN(1)                    General Commands Manual                   PWGEN(1)

       pwgen - generate pronounceable passwords

       pwgen [ OPTION ] [ pw_length ] [ num_pw ]

       The  pwgen  program generates passwords which are designed to be easily
       memorized by humans, while being as secure  as  possible.   Human-memo-
       rable  passwords  are  never  going  to be as secure as completely com-
       pletely random passwords.  In particular, passwords generated by  pwgen
       without  the  -s option should not be used in places where the password
       could be attacked via an off-line brute-force attack.    On  the  other
       hand,  completely  randomly  generated  passwords have a tendency to be
       written down, and are subject to being compromised in that fashion.

       The pwgen program is designed to be used  both  interactively,  and  in
       shell  scripts.   Hence,  its  default  behavior  differs  depending on
       whether the standard output is a tty device or a pipe to  another  pro-
       gram.  Used interactively, pwgen will display a screenful of passwords,
       allowing the user to pick a single password, and then quickly erase the
       screen.   This  prevents someone from being able to "shoulder surf" the
       user's chosen password.

       When standard output (stdout) is not a tty, pwgen  will  only  generate
       one  password,  as  this  tends  to  be  much more convenient for shell
       scripts, and in order to be compatible with previous versions  of  this

       -0, --no-numerals
              Don't include numbers in the generated passwords.

       -1     Print the generated passwords one per line.

       -A, --no-capitalize
              Don't  bother  to  include  any capital letters in the generated

       -a, --alt-phonics
              This option doesn't do anything special; it is present only  for
              backwards compatibility.

       -B, --ambiguous
              Don't  use  characters  that  could be confused by the user when
              printed, such as 'l' and '1', or '0' or 'O'.  This  reduces  the
              number  of possible passwords significantly, and as such reduces
              the quality of the passwords.  It may be useful  for  users  who
              have bad vision, but in general use of this option is not recom-

       -c, --capitalize
              Include at least one capital letter in the  password.   This  is
              the default if the standard output is a tty device.

       -C     Print  the  generated passwords in columns.  This is the default
              if the standard output is a tty device.

       -N, --num-passwords=num
              Generate num passwords.  This defaults to a screenful  if  pass-
              words are printed by columns, and one password otherwise.

       -n, --numerals
              Include  at  least  one  number  in  the  password.  This is the
              default if the standard output is a tty device.

       -H, --sha1=/path/to/file[#seed]
              Will use the sha1's hash of given file and the optional seed  to
              create  password. It will allow you to compute the same password
              later, if you remember the file, seed, and pwgen's options used.
              ie:  pwgen -H ~/your_favorite.mp3#your@email.com gives a list of
              possibles passwords for your pop3 account, and you can ask  this
              list again and again.

              WARNING:  The passwords generated using this option are not very
              random.  If you use this option, make sure the attacker can  not
              obtain a copy of the file.  Also, note that the name of the file
              may be easily available from the ~/.history  or  ~/.bash_history

       -h, --help
              Print a help message.

       -r chars, --remove-chars=chars
              Don't  use  the  specified  characters in password.  This option
              will disable the phomeme-based generator  and  uses  the  random
              password generator.

       -s, --secure
              Generate  completely  random, hard-to-memorize passwords.  These
              should only be used for machine passwords, since otherwise  it's
              almost guaranteed that users will simply write the password on a
              piece of paper taped to the monitor...

       -v, --no-vowels
              Generate random passwords that do not contain vowels or  numbers
              that  might  be  mistaken  for  vowels.  It provides less secure
              passwords to allow system administrators to not  have  to  worry
              with random passwords accidentally contain offensive substrings.

       -y, --symbols
              Include at least one special character in the password.

       This    version    of    pwgen    was    written   by   Theodore   Ts'o
       <tytso@alum.mit.edu>.  It is modelled after a program originally  writ-
       ten  by Brandon S. Allbery, and then later extensively modified by Olaf
       Titz,  Jim Lynch,  and  others.   It  was  rewritten  from  scratch  by
       Theodore  Ts'o because the original program was somewhat of a hack, and
       thus hard to maintain, and because the licensing status of the  program
       was unclear.

       See attributes(7) for descriptions of the following attributes:

       |Availability   | crypto/pwgen     |
       |Stability      | Committed        |


       Source  code  for open source software components in Oracle Solaris can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-

       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source      was      downloaded     from      https://downloads.source-

       Further information about this software can be found on the open source
       community website at https://sourceforge.net/projects/pwgen/.

pwgen version 2.08                August 2017                         PWGEN(1)