Some­times you’re in the need for cre­at­ing a secure pass­word, but don’t want to think of one and don’t want to use your default pass­word for every­thing. And exactly a t the moment you for­got how to invoke cat, sha1sum and sed to get one by your­self from /dev/random

Here comes mkpass­word. As easy as cre­at­ing a new folder with mkdir you can cre­ate a new pass­word with mkpassword now.


There isn’t actu­ally much to con­fig­ure. You can define the length, the type and the out­put options.

$ mkpassword -h
Usage: mkpassword [options]

  --version            show program's version number and exit
  -h, --help           show this help message and exit
  -v, --verbose        Verbose output
  -l N, --length=N     password lenght in characters
  -s X, --salt=X       use X as salt
  -c, --config-secure  skip some problematic characters
  -n, --no-colors      don’t use colored output
  -a, --alpha-numeric  only use letters and numbers
  -q, --quiet          only output the password

… and no, the salt isn’t actu­ally a salt, it’s more like adding a bit more pref­er­ence on some char­ac­ters. The -c para­me­ter fil­ters out the char­ac­ters ', \, and " that are usu­ally prob­lem­atic in a lot of con­fig­u­ra­tion files (escap­ing and stuff). Length of pass­word defaults to 20 characters.


This is the sim­plest call pos­si­ble. It uses all default val­ues and gen­er­ates a 20 char­ac­ters long pass­word using all print­able char­ac­ters except new­lines and any kinds of white-​spaces.

mkpassword -c

When cre­at­ing config-​secure pass­words it’s pos­si­ble that some of the char­ac­ters are removed reduc­ing the length of the cre­ated pass­word. Speak­ing of char­ac­ters: If you use lower lengths you’ll get a lit­tle warn­ing. The pass­words may still be secure, but cre­at­ing config-​secure pass­words could reduce the secu­rity of very short passwords.

mkpassword -l 15 and mkpassword -l 8

If you’re forced to use pass­words only con­tain­ing num­bers and let­ters for some rea­son, blame the per­son of charge and sim­ply use para­me­ter -a until that secu­rity hole is fixed ☺

mkpassword -a

Even if longer pass­words only con­tain­ing alpha-​numeric char­ac­ters are con­sid­ered rather secure, you should really only use this type of pass­word if there is no other way … But what if you can’t use mkpass­word at all, because it fails at some point (or you just want to know what it does)?

mkpassword -c -s blah -v

This rather com­plex exam­ple shows some of the already known para­me­ters com­bined with -v for print­ing ver­bose mes­sages. All the gray mes­sages in brack­ets are inter­nal func­tion calls or infor­ma­tions about actions are done before giv­ing the put­put. Use this lines as guide if the pro­gramm fails and please report that to me, thanks!

mkpassword -qn

This very reduced out­put (no col­ors, no mes­sages) is caused by the para­me­ters -q and -n com­bined. It only prints the pass­word with­out color codes. This can be use­ful if you want to use mkpassword within a script and only need the pass­word out­put. All other para­me­ters are work­ing here, too.

Pack­age for Arch Linux

If you’re an Arch Linux user, see mkpassword-​git in AUR. The AUR pack­age uses the most recent GitHub sources.

Download sources

See GitHub for details. All my code is available under GPLv3 or later.