After learning how to generate random numbers, we are going to learn how to generate random data and random passwords. Some of the concepts in this article depend on what we learned in the previous one, so if you have not read it yet, please go back one step and read it first.
Generating Random Data
To generate random data, the easiest way is to use the genrandom command. This command generates a file containing random data.
If your Linux system doesn’t have the genrandom command, you can install it. It is part of the bind package. To install this package, use the following command:
yum install -y bind
The syntax of the command is:
genrandom SIZE FILENAME
SIZE is the size (in kilobytes) of the file to be created.
FILENAME is the name of the file to create (to store the generated random data).
Ah!! Did you see that?! Just rubbish!! This is the random data generated by the genrandom command.
Your manager asked you to create a file of 2 Megabytes in size containing random data. How would you achieve this?
– 1 Megabyte = 1024 Kilobytes
– Using the -h option with the ls command causes the size to be displayed in a human-readable format.
Generating Random Passwords
Suppose you are the system administrator for a server farm. One of your main responsibilities is to manage user accounts and access control. Access Control means ensuring that your systems are accessible only to authorized persons. In the world of access control, there are two important terms: Identification and Authentication.
Identification means asking for the identity of the user trying to connect to your system, while Authentication means verifying the claimed identity. For example, a user claims he is John; this is the identification. Authentication is the process of validating that this guy is truly John. A simple and typical example of access control is when you open your Facebook account. You provide both a username (email) and a password. The email is your identity, while the password proves that identity.
So, your password should be kept secret, and never be shared with anybody. This is the responsibility of the user. But what about the first password set for the account on creation?! Who sets this password?! And based on what?! Will all created users have the same initial password before they change it at first login?!
The answer is clear: the initial password is set by the system administrator, who creates the account. Is it the same for all newly-created accounts?! Of course, it shouldn’t be. The initial password for any newly-created account should be different. So, how will the admin choose a password for each new account?! I think you have guessed the answer.
How to Generate Random Passwords?
There are several ways to generate random passwords. In this section, I am going to introduce three of these ways.
1) Using the mkpasswd Command
This is the easiest method, not only among the three that will be mentioned here, but also among all known random password generation methods. mkpasswd is a Linux command that generates passwords and can apply them automatically to users. If you can’t locate that command on your Linux box, it might not be installed. To obtain it, install the expect package, which contains the mkpasswd command among many other useful tools.
yum install -y expect
The syntax of the command is:
mkpasswd [-l LENGTH] [-c LOWER] [-C UPPER] [-d DIGITS] [-s SPECIAL]
LENGTH is the required password length.
LOWER is the minimum number of lowercase letters in the generated password.
UPPER is the minimum number of uppercase letters in the generated password.
DIGITS is the minimum number of digits in the generated password.
SPECIAL is the minimum number of special characters in the generated password.
To generate a password without any restrictions on the length or required characters, use the command without any arguments.
Your manager has asked you to generate a random password for him, with a minimum length of 12 characters, minimum 2 digits, minimum 2 uppercase letters, and 2 special characters.
2) Using the Hash Method
This is another easy way (but not as easy or powerful as the mkpasswd method). In this method, we calculate the hash (md5, sha1, sha256, or sha512) of some input. A hash function is often described as one-way (irreversible) encryption. If we can make the input random enough, the calculated hash will always be different. From the calculated hash, we can cut the required number of characters (to be the generated random password).
To make the idea clearer, let’s illustrate it with an example. Again, your manager asked you to generate 20 different passwords for him. All passwords should be 10 characters long. Let’s see how the Hash method could achieve this for you:
So, what was that?!
The value of the shell variable RANDOM (which we talked about in the previous article) was piped as input to the sha512sum command. From the very long output (the calculated hash), we select characters 1 to 10 using the cut command with the -c option. This is the password you are looking for. To generate 20 passwords, we need to repeat the above procedure 20 times, so a for loop is needed to make twenty iterations.
So simple and logical, isn’t it?!
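The procedure described above, written out as an added example (it is not code from the original article; the function names are hypothetical). Because $RANDOM only takes integer values from 0 to 32767, the $RANDOM-seeded loop can produce at most 32768 distinct passwords, so the block also includes a variant, an assumption added here, that hashes 32 bytes read from /dev/urandom instead.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# hash_password SEED
# The article's pipeline for a single password: the first 10 characters
# of the SHA-512 hex digest of SEED. The same SEED always gives the same
# password, so the password is only as unpredictable as the seed.
hash_password() {
    printf '%s\n' "$1" | sha512sum | cut -c 1-10
}

# hash_passwords COUNT
# The loop described in the article, seeded from $RANDOM on each pass.
# $RANDOM is a bash variable holding an integer from 0 to 32767, so this
# loop can never yield more than 32768 distinct passwords.
hash_passwords() {
    local i=1
    while [ "$i" -le "$1" ]; do
        hash_password "$RANDOM"
        i=$((i + 1))
    done
}

# urandom_hash_password LENGTH
# Same hash-and-cut idea, but the input is 32 bytes from the kernel
# random source rather than $RANDOM (assumed variant, not in the article).
# The output is still hexadecimal, so each character carries 4 bits;
# LENGTH may be at most 128, the length of a SHA-512 hex digest.
urandom_hash_password() {
    head -c 32 /dev/urandom | sha512sum | cut -c 1-"$1"
}

# Demonstration: 20 passwords of 10 characters, as in the manager's
# request, followed by one 16-character password from the variant.
hash_passwords 20
urandom_hash_password 16
```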
– Summary?! Wait!! Where is the third method?!
It is going to be the subject of the next article.
• In this article, we have talked about Random Data and Random Password Generation.
• The genrandom command generates a file of specified size containing random data.
• Ensuring password security is essential for the whole system security.
• Initial passwords for newly-created user accounts should never be the same.
• A system admin would need a random password generator to provide random passwords to set as initial passwords for the new accounts.
• The mkpasswd command generates a random password, and could assign it to a user (if one is specified).
• The hash function could be a way to generate random passwords, given that its input is random.
See you in the next article.