随机密码生成
XiaO / 2021-10-28
完全随机密码生成
在 Terminal 中生成指定特征的随机密码。
pwgen
安装:
brew install pwgen
使用:
语法:
pwgen [OPTION] [pw_length] [num_pw]
OPTIONS:
-c or –capitalize 密码中至少包含一个大写字母
-A or –no-capitalize 密码中不包含大写字母
-n or –numerals 密码中至少包含一个数字
-0 or –no-numerals 密码中不包含数字
-y or –symbols 密码中至少包含一个特殊符号
-s or –secure 生成完全随机密码
-B or –ambiguous 密码中不包含歧义字符(例如1,l,O,0)
-H or –sha1=path/to/file[#seed] 使用 SHA1 hash 给定的文件作为一个随机种子
-C 在列中打印生成的密码
-1 不要在列中打印生成的密码,即一行一个密码
-v or –no-vowels 不要使用任何元音,以避免偶然的脏话
示例:
pwgen -nAB 16 1 #生成长度为 16,含有数字,含有小写字母,不包含歧义的密码 1 个
# bengesoamu3sahwi
pwgen -cnysB 16 1 #生成长度为 16,含有数字、大小写字母、特殊字符,不包含歧义的随机密码 1 个
# x4TU),3z(ub/c$Mb
一个基于 pwgen 的网站,可以在生成密码时,更直观地对其特征进行调节。
另外,可利用 pwgen 生成一些有意义但又稍微不同的用户名,譬如:
pwgen -nAB 6 10 # 生成 10 个含有六个字符的具有一定意义的用户名(含有数字、不含大写字母与特殊字符,不包含歧义)
imee7u kui9ee eigh7u axei4i ze7iep ohpai3 kee4ef dahqu7 eyeag7 bei4ma
sf-pwgen
sf-pwgen 是一个命令行工具,它使用 macOS 中的 SecurityFoundation 框架生成密码。
安装:
brew install sf-pwgen
使用:
sf-pwgen [options]
Available options are:
-a, --algorithm Available algorithms: memorable, random, letters, alphanumeric, numbers. The default is `memorable'.
-c, --count The number of passwords to generate (default: 5).
-l, --length Desired length of the generated passwords (default: 12).
-L, --language Generate passwords in a specified language.
Languages: en, de, es, fr, it, nl, pt, jp.
示例:
sf-pwgen -a numbers -c 1 -l 16 # 生成一个 16 位全数字密码
# 0705984441692543
sf-pwgen -c 1 -l 16 # 生成一个 16 位便于记忆(默认算法)的密码
# halts105\lumbers
sf-pwgen -a random -c 1 -l 16 # 生成一个 16 位随机密码
# wq-Noe,V(9{;ya*L
OpenSSL
OpenSSL 是一个套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议,并提供丰富的应用程序。
安装:
brew install openssl
使用:
OpenSSL 有两种运行模式:交互模式和批处理模式。直接输入 openssl 回车进入交互模式,输入带命令选项的 openssl 进入批处理模式。。
openssl rand -base64 16 | colrm 17
# /dOw/e8IspJ/640E
openssl rand -hex 16 | colrm 17
# f9dc69efd6db5667
openssl rand -base64 16 |md5 |head -c16; echo
# 03b325b5eaa5721a
gpg
gpg 是 Gnu Privacy Guard (GnuPG) 中的 OpenPGP 实现部分。它是一个提供 OpenPGP 标准的数字加密与签名服务的工具。gpg 具有完整的密钥管理功能和其他完整 OpenPGP 实现应该具备的全部功能。
brew install --cask gpg-suite-no-mail
使用:
gpg --help
gpg (GnuPG/MacGPG2) 2.2.32
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data
Commands:
-s, --sign make a signature
--clear-sign make a clear text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encryption only with symmetric cipher
-d, --decrypt decrypt data (default)
--verify verify a signature
-k, --list-keys list keys
--list-signatures list keys and signatures
--check-signatures list and check key signatures
--fingerprint list keys and fingerprints
-K, --list-secret-keys list secret keys
--generate-key generate a new key pair
--quick-generate-key quickly generate a new key pair
--quick-add-uid quickly add a new user-id
--quick-revoke-uid quickly revoke a user-id
--quick-set-expire quickly set a new expiration date
--full-generate-key full featured key pair generation
--generate-revocation generate a revocation certificate
--delete-keys remove keys from the public keyring
--delete-secret-keys remove keys from the secret keyring
--quick-sign-key quickly sign a key
--quick-lsign-key quickly sign a key locally
--quick-revoke-sig quickly revoke a key signature
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--change-passphrase change a passphrase
--export export keys
--send-keys export keys to a keyserver
--receive-keys import keys from a keyserver
--search-keys search for keys on a keyserver
--refresh-keys update all keys from a keyserver
--import import/merge keys
--card-status print the card status
--edit-card change data on a card
--change-pin change a card's PIN
--update-trustdb update the trust database
--print-md print message digests
--server run in server mode
--tofu-policy VALUE set the TOFU policy for a key
Options:
-a, --armor create ascii armored output
-r, --recipient USER-ID encrypt for USER-ID
-u, --local-user USER-ID use USER-ID to sign or decrypt
-z N set compress level to N (0 disables)
--textmode use canonical text mode
-o, --output FILE write output to FILE
-v, --verbose verbose
-n, --dry-run do not make any changes
-i, --interactive prompt before overwriting
--openpgp use strict OpenPGP behavior
(See the man page for a complete listing of all commands and options)
Examples:
-se -r Bob [file] sign and encrypt for user Bob
--clear-sign [file] make a clear text signature
--detach-sign [file] make a detached signature
--list-keys [names] show keys
--fingerprint [names] show fingerprints
示例:
gpg --gen-random --armor 1 16 | colrm 17 # 生成一个 16 位随机密码
kSM9OKDxGvNmDipivP8=
md5deep hashdeep
安装:
brew install md5deep
使用:
md5deep --help
md5deep [OPTION]... [FILES]...
See the man page or README.txt file or use -hh for the full list of options
-p <size> - piecewise mode. Files are broken into blocks for hashing
-r - recursive mode. All subdirectories are traversed
-e - show estimated time remaining for each file
-s - silent mode. Suppress all error messages
-z - display file size before hash
-m <file> - enables matching mode. See README/man page
-x <file> - enables negative matching mode. See README/man page
-M and -X are the same as -m and -x but also print hashes of each file
-w - displays which known file generated a match
-n - displays known hashes that did not match any input files
-a and -A add a single hash to the positive or negative matching set
-b - prints only the bare name of files; all path information is omitted
-l - print relative paths for filenames
-t - print GMT timestamp (ctime)
-i/I <size> - only process files smaller/larger than SIZE
-v - display version number and exit
-d - output in DFXML; -u - Escape Unicode; -W FILE - write to FILE.
-j <num> - use num threads (default 4)
-Z - triage mode; -h - help; -hh - full help
示例:
date | md5deep | colrm 17
# 1569c5e0fc5864f1
netstat -an | md5deep | colrm 17
# d82bda87646f4ae0