PWMAKE(1) General Commands Manual PWMAKE(1)NAME
pwmake - simple tool for generating random relatively easily pronounceable passwords
SYNOPSIS
pwmake <entropy-bits>
DESCRIPTION
pwmake is a simple configurable tool for generating random and relatively easily pronounceable passwords. The tool allows you to specify
the number of entropy bits that are used to generate the password.
The entropy is pulled from /dev/urandom.
The minimum number of bits is 56 which is usable for passwords on systems/services where brute force attacks are of very limited rate of
tries. The 64 bits should be adequate for applications where the attacker does not have direct access to the password hash file. For situ-
ations where the attacker might obtain the direct access to the password hash or the password is used as an encryption key 80 to 128 bits
should be used depending on your level of paranoia.
OPTIONS
The first and only argument is the number of bits of entropy used to generate the password.
FILES
/etc/security/pwquality.conf - The configuration file for the libpwquality library.
RETURN CODES
pwmake returns 0 on success, non zero on error.
SEE ALSO pwscore(1), pam_pwquality(8)AUTHORS
Tomas Mraz <tmraz@redhat.com>
Red Hat, Inc. 10 Nov 2011 PWMAKE(1)
Check Out this Related Man Page
OTPW-GEN(1) General Commands Manual OTPW-GEN(1)NAME
otpw-gen - one-time password generator
SYNOPSIS
otpw-gen [ options ]
DESCRIPTION
OTPW is a one-time password authentication system. It can be plugged into any application that needs to authenticate users interactively.
One-time password authentication is a valuable protection against password eavesdropping, especially for logins from untrusted terminals.
Before you can use OTPW to log into your system, two preparation steps are necessary. Firstly, your system administrator has to enable it.
(This is usually done by configuring your login software (e.g., sshd) to use OTPW via the Pluggable Authentication Module (PAM) configura-
tion files in /etc/pam.d/.)
Secondly, you need to generate a list of one-time passwords and print it out. This can be done by calling
otpw-gen | lpr
or something like
otpw-gen -h 70 -s 2 | a2ps -1B -L 70 --borders no
if more control over the layout is desired.
You will be asked for a prefix password, which you need to memorize. It has to be entered immediately before the one-time password. The
prefix password reduces the risk that anyone who finds or steals your password printout can use that alone to impersonate you.
Each one-time password will be printed behind a three digit password number. Such a number will appear in the password prompt when OTPW has
been activated:
Password 026:
When you see this prompt, enter the memorized prefix password, followed immediately by the one-time password identified by the number. Any
spaces within a password have only been inserted to improve legibility and do not have to be copied. OTPW will ignore the difference
between the easily confused characters 0O and Il1 in passwords.
In some situations, for example if multiple logins occur simultaneously for the same user, OTPW defends itself against the possibility of
various attacks by asking for three random passwords simultaneously.
Password 047/192/210:
You then have to enter the prefix password, followed immediately by the three requested one-time passwords. This fall-back mode is acti-
vated by the existence of the lock file ~/.otpw.lock. If it was left over by some malfunction, it can safely be deleted manually.
Call otpw-gen again when you have used up about half of the printed one-time passwords or when you have lost your password sheet. This will
disable all remaining passwords on the previous sheet.
OPTIONS -h number Specify the total number of lines per page to be sent to standard output. This number minus four header lines determines the
number of rows of passwords on each page. The maximum number of passwords that can be printed is 1000. (Minimum: 5, default:
60)
-w number Specify the maximum width of lines to be sent to standard output. This parameter determines together with the password length
the number of columns in the printed password matrix. (Minimum: 64, default: 79)
-s number Specify the number of form-feed separated pages to be sent to standard output. (Default: 1)
-e number Specify the minimum entropy of each one-time password in bits. The length of each password will be chosen automatically, such
that there are at least two to the power of the specified number possible passwords. A value below 30 might make the pass-
words vulnerable to a brute-force guessing attack. If the attacke might have read access to the ~/.otpw file, the value
should be at least 48. Paranoid users might prefer long high-security passwords with at least 60 bits of entropy. (Default:
48)
-p0 Generate passwords by transforming a random bit string into a sequence of letters and digits, using a form of base-64 encod-
ing (6 bits per character). (Default)
-p1 Generate passwords by transforming a random bit string into a sequence of English four-letter words, each chosen from a fixed
list of 2048 words (2.75 bits per character).
-f filename Specify a file to be used instead of ~/.otpw for storing the hash values of the generated one-time passwords.
AUTHOR
The OTPW package, which includes the otpw-gen progam, has been developed by Markus Kuhn. The most recent version is available from
<http://www.cl.cam.ac.uk/~mgk25/otpw.html>.
SEE ALSO pam(8), pam_otpw(8)
2003-09-30 OTPW-GEN(1)