trusty (1) pwgen.1.gz

Provided by: pwgen_2.06-1ubuntu4_amd64 bug

NAME
       pwgen - generate pronounceable passwords


SYNOPSIS
       pwgen [ OPTION ] [ pw_length ] [ num_pw ]


DESCRIPTION
       The pwgen program generates passwords which are designed to be easily memorized by humans, while being as
       secure as possible.  Human-memorable passwords are never going to be as secure as  completely  completely
       random  passwords.   In particular, passwords generated by pwgen without the -s option should not be used
       in places where the password could be attacked via an off-line brute-force attack.   On the  other  hand,
       completely  randomly  generated   passwords  have a tendency to be written down, and are subject to being
       compromised in that fashion.

       The pwgen program is designed to be used both interactively, and in shell scripts.   Hence,  its  default
       behavior  differs  depending on whether the standard output is a tty device or a pipe to another program.
       Used interactively, pwgen will display a screenful of passwords, allowing  the  user  to  pick  a  single
       password,  and  then  quickly erase the screen.  This prevents someone from being able to "shoulder surf"
       the user's chosen password.

       When standard output (stdout) is not a tty, pwgen will only generate one password, as this  tends  to  be
       much  more  convenient  for  shell  scripts, and in order to be compatible with previous versions of this
       program.

       In addition, for backwards compatibility reasons, when stdout is not a tty and secure password generation
       mode  has  not  been requested, pwgen will generate less secure passwords, as if the -0A options had been
       passed to it on the command line.  This can be overriden using the  -nc  options.   In  the  future,  the
       behavior  when stdout is a tty may change, so shell scripts using pwgen should explicitly specify the -nc
       or -0A options.  The latter is not recommended for security reasons, since such  passwords  are  far  too
       easy to guess.


OPTIONS
       -0, --no-numerals
              Don't include numbers in the generated passwords.

       -1     Print the generated passwords one per line.

       -A, --no-capitalize
              Don't bother to include any capital letters in the generated passwords.

       -a, --alt-phonics
              This option doesn't do anything special; it is present only for backwards compatibility.

       -B, --ambiguous
              Don't  use characters that could be confused by the user when printed, such as 'l' and '1', or '0'
              or 'O'.  This reduces the number of possible passwords significantly,  and  as  such  reduces  the
              quality  of  the passwords.  It may be useful for users who have bad vision, but in general use of
              this option is not recommended.

       -c, --capitalize
              Include at least one capital letter in the password.  This is the default if the  standard  output
              is a tty device.

       -C     Print  the  generated  passwords  in columns.  This is the default if the standard output is a tty
              device.

       -N, --num-passwords=num
              Generate num passwords.  This defaults to a screenful if passwords are printed by columns, and one
              password.

       -n, --numerals
              Include  at least one number in the password.  This is the default if the standard output is a tty
              device.

       -H, --sha1=/path/to/file[#seed]
              Will use the sha1's hash of given file and the optional seed to create password. It will allow you
              to compute the same password later, if you remember the file, seed, and pwgen's options used.  ie:
              pwgen -H ~/your_favorite.mp3#your@email.com gives a list of  possibles  passwords  for  your  pop3
              account, and you can ask this list again and again.

              WARNING:  The  passwords generated using this option are not very random.  If you use this option,
              make sure the attacker can not obtain a copy of the file.  Also, note that the name  of  the  file
              may be easily available from the ~/.history or ~/.bash_history file.

       -h, --help
              Print a help message.

       -s, --secure
              Generate  completely  random,  hard-to-memorize  passwords.  These should only be used for machine
              passwords, since otherwise it's almost guaranteed that users will simply write the password  on  a
              piece of paper taped to the monitor...

       -v, --no-vowels
              Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels.
              It provides less secure passwords to allow system administrators to not have to worry with  random
              passwords accidentally contain offensive substrings.

       -y, --symbols
              Include at least one special character in the password.


AUTHOR
       This  version of pwgen was written by Theodore Ts'o <tytso@alum.mit.edu>.  It is modelled after a program
       originally written by Brandon S. Allbery, and then later extensively modified by Olaf Titz,   Jim  Lynch,
       and  others.  It was rewritten from scratch by Theodore Ts'o because the original program was somewhat of
       a hack, and thus hard to maintain, and because the licensing status of the program was unclear.


SEE ALSO
       passwd(1)