How to Generate a Strong Passphrase?

People often ask about passphrase generators. Basically, how to generate a strong passphrase. Many web sites also offer passphrase generation. However, the problem with online sites is that you can never fully trust them, unless the way they generate passwords can be fully audited. Surprisingly many of them even send the generated passwords in plain text HTTP over the Internet for anyone to see!

Even when the communication is HTTPS-protected, it is impossible to know how the passwords are generated on the server side and whether they are stored. There could be a man-in-the-middle attack being performed on the connection. Such attacks are surprisingly common, and routinely performed by intelligence agencies using fakes certificates. Some malware and adware - even ones pre-installed on Windows laptops in the case of the Lenovo Superfish scandal - also spy on encrypted web traffic. Furthermore, web browsers cache pages, and you don't really want your passphrase to remain in a cache file for weeks, do you?

We offer an online random password generator that is entirely browser-based. Unlike other password generators, there is no server component that needs to be trusted. The password does not end up in caches. That is the only online password/passphrase generator we can recommend.

It is also easy to generate random passwords and passphrase on the command line. This can be done with basic Unix commands. The generated passphrases are too complex to remember, but are very useful for applications where passphrases are needed for protecting machine keys and for SSH key management. The same commands can be used to generate passwords.

The basic idea is to read from /dev/urandom, a device that produces high-quality cryptographically secure pseudo-random data. The device works by collecting entropy for interrupt timings, device latencies, keypresses, packet timings, and on some systems, hardware randomness sources. It then uses strong cryptographic hash functions to produce a continuous random stream from this data. On many systems, randomness is also carried on across reboots using a random seed file. The output is then formatted to something user-readable.

Any of the following commands can be used, depending on what tools are installed in the particular operating system:

 dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64 | sed 's/=http://g'

This generates a passphrase with 128 bits of entropy. The output looks like this:

q4fZq185VKt7LgdNSP5W7A

An alternative to using the base64 command (which may not be available) is to use something like sha256sum (or md5sum, sha1sum, etc) to generate a passphrase that is hex. Something like the following would work:

 dd if=/dev/urandom bs=32 count=1 2>/dev/null | sha256sum -b | sed 's/ .*//'

This generates a passphrase with 256 bits of entropy. The output looks like this:

3ed04c7f887dc04fe11ad1f58f0473c88edf966502d66aff43a3583569c945de

If you are looking for a password or passphrase that you can remember, you can take characters from the beginning of the output. Generally, at least 15 characters would be recommended to prevent password brute-forcing attacks. In 2012, any eight-character Windows password could be broken by hobbyists in a few hours. Even most 16-character passwords can be easily cracked. For hexadecimal passwords, you should multiply password lengths by 1.5.

Passphrases for keys should be substantially longer than passwords. We recommend having 128 bits of entropy in the passphrase. At least 80 bits is essential. This means 20 hex digits or 14 base-64 digits at the minimum.

As a reminder, if you have any significant number of servers, make sure to manage your keys properly. They are access credentials that need provisioning and termination processes. See Universal SSH Key Manager for more information.