A good password contains: an uppercase letter, a lowercase letter, a hyphen, a prime number, a haiku, a hieroglyph, an astrological symbol, and the blood of a virgin.
KeePassX / KeePass includes a password generator.
Generate a password yourself: Managing your passwords
Otherwise:
dd if=/dev/random bs=1 count=75 2>/dev/null | base64
or
cat /dev/urandom |tr -dc A-Za-z0-9 |head -c10
For a decimal code
echo $RANDOM$RANDOM
Randomly A or B
r=(A B)
echo ${r[RANDOM%2]}
With pwgen
pwgen -Bs1 16
pwgen -y1 16
With OpenSSL
openssl rand -hex 10
openssl rand -base64 16 | sed -e "y/\\/+/\$_/" -e "s/=//g"
openssl rand 300 |perl -pe 's/[^[:ascii:]]|[[:space:]]|\"//g' |tr -d "'\{}\n"
With apg
apg -q -a 0 -n 1 -m 12 -M NCL
apg -a 1 -m 32 -n 1 -M NCL
With GPG
gpg --gen-random --armor 0 24
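To compare the strength of the one-liners above, the following added example (not part of the original page) computes the entropy each one yields and draws a password by rejection sampling from /dev/urandom. The function names alphabet_size, entropy_bits and genpw are hypothetical helpers introduced here.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# alphabet_size SET: number of printable, non-space ASCII characters
# matched by a tr(1) set such as 'A-Za-z0-9'.
alphabet_size() {
    LC_ALL=C awk 'BEGIN { for (i = 33; i < 127; i++) printf "%c", i }' |
        LC_ALL=C tr -dc "$1" | wc -c | tr -d ' '
}

# entropy_bits COUNT STATES: COUNT independent uniform draws from STATES
# equally likely values carry COUNT * log2(STATES) bits.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", n * log(k) / log(2) }'
}

# genpw LENGTH SET: LENGTH characters drawn uniformly from SET.
# tr -dc drops every byte outside SET, which is rejection sampling:
# each kept character is equally likely, with no modulo bias.
genpw() {
    LC_ALL=C tr -dc "$2" </dev/urandom | head -c "$1"
}

# Strength of some of the commands listed above.
echo "tr -dc A-Za-z0-9 | head -c10 : $(entropy_bits 10 "$(alphabet_size 'A-Za-z0-9')") bits"
# $RANDOM yields a 15-bit value from a seeded generator, so this is an upper bound.
echo "echo \$RANDOM\$RANDOM          : $(entropy_bits 2 32768) bits at most"
echo "openssl rand -hex 10         : $(entropy_bits 20 16) bits"
echo "genpw 16 'A-Za-z0-9'         : $(genpw 16 'A-Za-z0-9')"
```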
With Ansible: community.general.random
MD5 hash
mkpasswd --hash=md5 $PASS
SHA-512 hash ($6$, the GNU/Linux default in /etc/shadow)
mkpasswd --method=sha-512
openssl passwd -6 -salt MySaltPlop
# -in reads the password from the file; without it the /dev/fd path itself would be hashed
openssl passwd -6 -in <(echo 'P@ssw0rd')
$ man crypt
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
/usr/sbin/rngd -f --fill-watermark=0 -x pkcs11 -x nist
The Linux kernel facilitates random number generation through two devices: /dev/random and /dev/urandom with different properties:
/dev/random "should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered" (random(4)).
/dev/urandom will not block, but the quality of its randomness may be lower.
The kernel maintains an entropy pool for these devices. The entropy pool is fed by entropy sources of the system, typically coming from the keyboard, the mouse, and some other device drivers or IRQs. Entropy from the entropy pool is consumed in the generation of random data (i.e. through reads from /dev/random and /dev/urandom).
See:
See also: haveged, rng-tools, rngd, crng
rng-tools
rng-tools and haveged support the “jitter” entropy source, which uses small CPU timing variances to provide some entropy.
See one-rng
Hardware:
Check the available entropy
cat /proc/sys/kernel/random/entropy_avail
On Red Hat
yum install rng-tools
systemctl enable --now rngd
# systemctl status rngd
● rngd.service - Hardware RNG Entropy Gatherer Daemon
Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-01-11 11:37:01 CET; 3 weeks 5 days ago
Main PID: 1170 (rngd)
Tasks: 2 (limit: 48756)
Memory: 3.3M
CGroup: /system.slice/rngd.service
└─1170 /usr/sbin/rngd -f --fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon
Source: https://access.redhat.com/solutions/19866
NOTE: This method is potentially insecure. This method should only be used when no other source of entropy can be supplied, and software cannot be changed to use an alternative source besides /dev/random.
You can see the entropy value using the following command:
cat /proc/sys/kernel/random/entropy_avail
Now, start the rngd daemon using the following command and monitor the entropy on the system:
rngd -r /dev/urandom -o /dev/random
watch -n 1 cat /proc/sys/kernel/random/entropy_avail
NOTE: Seeding /dev/random with data derived from /dev/urandom plays a trick on the system - the entropy_avail reported will increase, but the real entropy is actually decreasing. A software-only random number generator like rngd is not a proper substitute for a good hardware random number generator. Do not use rngd in this fashion unless you understand and accept this difference.
See
If you run the following, you may see that available entropy is very low (< 128) and thus reading from /dev/random is likely to block.
while sleep 1; do cat /proc/sys/kernel/random/entropy_avail ; done
You can set this temporarily to 1024 (default is 64):
echo 1024 > /proc/sys/kernel/random/read_wakeup_threshold
An entropy source can be tested for (FIPS-compliant) randomness using the rng-tools or rng-utils.
rngtest -c 1000 </dev/random
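rngtest works on blocks of 20000 bits and applies the FIPS 140-2 statistical tests to each one. The following added example (not part of the original page or of rng-tools) implements only the first of them, the monobit test, on constructed input; count_bits, monobit and const_block are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# count_bits: read bytes on stdin, print "<bytes> <one_bits>".
count_bits() {
    od -An -v -tu1 | awk '
        { for (i = 1; i <= NF; i++) {
              total++
              b = $i
              while (b > 0) { ones += b % 2; b = int(b / 2) }
          } }
        END { print total + 0, ones + 0 }'
}

# monobit: read one 2500-byte (20000-bit) block on stdin and succeed only
# if the number of one bits X satisfies 9725 < X < 10275 (FIPS 140-2).
# A short read fails, so a stalled source is not reported as healthy.
monobit() {
    set -- $(head -c 2500 | count_bits)
    [ "$1" -eq 2500 ] && [ "$2" -gt 9725 ] && [ "$2" -lt 10275 ]
}

# const_block CHAR: 2500 copies of one byte (constructed test input).
const_block() { head -c 2500 /dev/zero | LC_ALL=C tr '\0' "$1"; }

# Live check on the kernel generator.
if head -c 2500 /dev/urandom | monobit; then
    echo "/dev/urandom block: monobit pass"
else
    echo "/dev/urandom block: monobit FAIL"
fi

# 0x55 ('U') is 01010101: exactly 10000 one bits, so it passes monobit
# although it is fully predictable. This is why rngtest also runs the
# poker, runs and long-run tests on every block.
if const_block U | monobit; then
    echo "constant 0x55 block: monobit pass (monobit alone is not enough)"
fi
```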
scdrand
[ 1.616819] random: fast init done
[ 2.299314] random: crng init done
Kernel boot parameter
random.trust_cpu=on
See https://daniel-lange.com/archives/152-hello-buster.html
See:
apt-get install infnoise
# #infnoise --raw --debug > /dev/null
# infnoise --debug --no-output
Generated 1048576 bits. OK to use data. Estimated entropy per bit: 0.875409, estimated K: 1.834528
num1s:50.805635%, even misfires:0.232630%, odd misfires:0.162635%
Generated 2097152 bits. OK to use data. Estimated entropy per bit: 0.871953, estimated K: 1.830139
num1s:51.022205%, even misfires:0.206471%, odd misfires:0.139980%
Generated 3145728 bits. OK to use data. Estimated entropy per bit: 0.872259, estimated K: 1.830528
num1s:50.800612%, even misfires:0.197788%, odd misfires:0.170402%
# systemctl status infnoise
● infnoise.service - Wayward Geek InfNoise TRNG driver
Loaded: loaded (/lib/systemd/system/infnoise.service; enabled; preset: enabled)
Active: active (running) since Mon 2023-07-24 20:23:18 CEST; 2min 46s ago
Docs: man:infnoise.service(8)
Process: 43156 ExecStart=/usr/sbin/infnoise --dev-random --daemon --pidfile /var/run/infnoise.pid (code=exited, status=0/SUCCESS)
Main PID: 43157 (infnoise)
Tasks: 1 (limit: 8733)
Memory: 588.0K
CPU: 69ms
CGroup: /system.slice/infnoise.service
└─43157 /usr/sbin/infnoise --dev-random --daemon --pidfile /var/run/infnoise.pid
Jul 24 20:23:18 vivobela systemd[1]: Starting infnoise.service - Wayward Geek InfNoise TRNG driver...
Jul 24 20:23:18 vivobela systemd[1]: Started infnoise.service - Wayward Geek InfNoise TRNG driver.
systemctl status dev-infnoise.device