Unleashing the ancient Power of Offline Password Generation: Secure, Simple, and Unstoppable

My favorite Linux terminal command to generate a password is:

apg -m 6 -x 20 -a0 -M NCLS -l -t -n 15

# -m [min_length]
# -x [max_length]
# -a0 [Pronounceable password generation; -a1 would select random character generation]
# -M NCLS: Use specific character sets:
# - N: Include numeric digits (0-9).
# - C: Include uppercase alphabetic characters (A-Z).
# - L: Include lowercase alphabetic characters (a-z).
# - S: Special characters (!@#$%^&*() and others).
# -l spell generated password
# -t print pronunciation for generated pronounceable password
# -n generate num_of_pass passwords

source: https://gist.gh.com/ls/9e999c2…

Why am I posting this now?

First of all: apg has been around for a long time. The first commit in the current Debian source code versioning system dates back more than 8 years: March 11th, 2016.

Why do I post it now? This weekend, I did some iOS 18 updates on several iOS devices. The password app was one of the new things on some of the devices. This app reminded me of apg, which is my first choice when creating passwords on my Linux terminal.

I like the command because it creates a NATO-like alphabetic spelling of the password. That helps to distinguish 0 (zero) and O (oscar) and other characters that can look similar (depending on the font face you use on your terminal). It also generates pronunciation help in case you need to read a password out loud to someone else. It generates passwords of different lengths and allows you to include and configure character classes.

Note: This is not the only password generation tool; you can find multiple password generation options online. However, don't use online password generators.
In my opinion, there are also use cases, like creating GPG keys, that should be performed offline.

Sample output

$ apg -m 6 -x 20 -a0 -M NCLS -l -t -n 15
|Oc0k6 (VERTICAL_BAR-Oc-ZERO-k-SIX) VERTICAL_BAR-Oscar-charlie-ZERO-kilo-SIX
4SwikfointyaHytIt~ (FOUR-Swik-foint-ya-Hyt-It-TILDE) FOUR-Sierra-whiskey-india-kilo-foxtrot-oscar-india-november-tango-yankee-alfa-Hotel-yankee-tango-India-tango-TILDE
WegHev6Twab| (Weg-Hev-SIX-Twab-VERTICAL_BAR) Whiskey-echo-golf-Hotel-echo-victor-SIX-Tango-whiskey-alfa-bravo-VERTICAL_BAR
KeavMoor*ojCowCoyk8 (Keav-Moor-ASTERISK-oj-Cow-Coyk-EIGHT) Kilo-echo-alfa-victor-Mike-oscar-oscar-romeo-ASTERISK-oscar-juliett-Charlie-oscar-whiskey-Charlie-oscar-yankee-kilo-EIGHT
Geic}OnMishvath7 (Ge-ic-RIGHT_BRACE-On-Mish-vath-SEVEN) Golf-echo-india-charlie-RIGHT_BRACE-Oscar-november-Mike-india-sierra-hotel-victor-alfa-tango-hotel-SEVEN
iv9OrmAws" (iv-NINE-Orm-Aws-QUOTATION_MARK) india-victor-NINE-Oscar-romeo-mike-Alfa-whiskey-sierra-QUOTATION_MARK
emCasjuj5<glacobKer2 (em-Cas-juj-FIVE-LESS_THAN-glac-ob-Ker-TWO) echo-mike-Charlie-alfa-sierra-juliett-uniform-juliett-FIVE-LESS_THAN-golf-lima-alfa-charlie-oscar-bravo-Kilo-echo-romeo-TWO
sadCiph{Slaj4 (sad-Ciph-LEFT_BRACE-Slaj-FOUR) sierra-alfa-delta-Charlie-india-papa-hotel-LEFT_BRACE-Sierra-lima-alfa-juliett-FOUR
ZyretDujIc&gragFow9 (Zy-ret-Duj-Ic-AMPERSAND-grag-Fow-NINE) Zulu-yankee-romeo-echo-tango-Delta-uniform-juliett-India-charlie-AMPERSAND-golf-romeo-alfa-golf-Foxtrot-oscar-whiskey-NINE
SishDak#Ot7 (Sish-Dak-CROSSHATCH-Ot-SEVEN) Sierra-india-sierra-hotel-Delta-alfa-kilo-CROSSHATCH-Oscar-tango-SEVEN
Ilb7ow> (Ilb-SEVEN-ow-GREATER_THAN) India-lima-bravo-SEVEN-oscar-whiskey-GREATER_THAN
DeincaHidd2ojyit_ (Dein-ca-Hidd-TWO-oj-yit-UNDERSCORE) Delta-echo-india-november-charlie-alfa-Hotel-india-delta-delta-TWO-oscar-juliett-yankee-india-tango-UNDERSCORE
2OgsOgAlvUrl~ (TWO-Ogs-Og-Alv-Url-TILDE) TWO-Oscar-golf-sierra-Oscar-golf-Alfa-lima-victor-Uniform-romeo-lima-TILDE
{Twodeag0 (LEFT_BRACE-Twod-eag-ZERO) LEFT_BRACE-Tango-whiskey-oscar-delta-echo-alfa-golf-ZERO
irc$druMiHebcezLas1 (irc-DOLLAR_SIGN-dru-Mi-Heb-cez-Las-ONE) india-romeo-charlie-DOLLAR_SIGN-delta-romeo-uniform-Mike-india-Hotel-echo-bravo-charlie-echo-zulu-Lima-alfa-sierra-ONE

The sample output above highlights several advantages (every run creates different results):

  • a NATO-alphabet-like spelling is produced for every generated password
  • pronunciation help is generated for every generated password
  • passwords of different lengths (between 6 and 20 characters) are generated
  • the most important character classes (NCLS) are used
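
The spelling and character-class behaviour listed above can be reproduced offline in a few lines of Python. This is an added example, not apg's code and not part of the original post: it draws random characters from the operating system's CSPRNG (comparable to random-character mode, not apg's pronounceable algorithm), and its symbol table is an assumption limited to the names visible in the sample output.

```python
import secrets
import string

# Letter and digit words are the standard NATO set; the symbol names are only
# those visible in the page's sample output (the S class here is that subset).
LETTERS = dict(zip(string.ascii_lowercase, (
    "alfa bravo charlie delta echo foxtrot golf hotel india juliett kilo lima "
    "mike november oscar papa quebec romeo sierra tango uniform victor whiskey "
    "xray yankee zulu").split()))
DIGITS = dict(zip(string.digits,
                  "ZERO ONE TWO THREE FOUR FIVE SIX SEVEN EIGHT NINE".split()))
SYMBOLS = {"|": "VERTICAL_BAR", "~": "TILDE", "*": "ASTERISK",
           "{": "LEFT_BRACE", "}": "RIGHT_BRACE", '"': "QUOTATION_MARK",
           "<": "LESS_THAN", ">": "GREATER_THAN", "&": "AMPERSAND",
           "#": "CROSSHATCH", "_": "UNDERSCORE", "$": "DOLLAR_SIGN"}
CLASSES = (string.digits, string.ascii_uppercase,        # N, C
           string.ascii_lowercase, "".join(SYMBOLS))     # L, S


def spell(password):
    """Spell each character: 'Oscar' for O, 'oscar' for o, 'ZERO' for 0."""
    words = []
    for ch in password:
        if ch in DIGITS:
            words.append(DIGITS[ch])
        elif ch in SYMBOLS:
            words.append(SYMBOLS[ch])
        elif ch.lower() in LETTERS:
            word = LETTERS[ch.lower()]
            words.append(word.capitalize() if ch.isupper() else word)
        else:
            raise ValueError(f"no spelling for {ch!r}")
    return "-".join(words)


def generate(min_len=6, max_len=20):
    """Random password with at least one character from each of the four classes."""
    if not len(CLASSES) <= min_len <= max_len:
        raise ValueError("need 4 <= min_len <= max_len")
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    chars = [secrets.choice(cls) for cls in CLASSES]     # one per class
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - 4)]
    secrets.SystemRandom().shuffle(chars)                # hide class positions
    return "".join(chars)


if __name__ == "__main__":
    for _ in range(5):
        pw = generate()
        print(pw, spell(pw))
```
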

Conclusion

Independent of online password generators, with apg you can just use your Linux command line to generate strong passwords with various options.

P.S. There are other Linux terminal password generators, such as pwgen.
