Passwords remain one of the most critical components of information security.
Weak passwords continue to be responsible for a significant percentage of security incidents, including:
- Account compromise
- Privilege escalation
- Credential stuffing attacks
- Brute-force attacks
- Password spraying
This script generates cryptographically secure passwords suitable for:
- System administrators
- DevOps engineers
- DevSecOps teams
- Cloud environments
- Production systems
- Service accounts
- Cryptographically secure randomness
- Configurable password length
- Guaranteed character diversity
- Uppercase letters
- Lowercase letters
- Numbers
- Special characters
- Password strength evaluation
- Entropy calculation
- Brute-force estimation
- Multiple password generation
- CI/CD friendly
The generator follows modern password security recommendations:
- NIST SP 800-63B
- OWASP Password Guidelines
- CIS Controls
The generated passwords are:
- Random
- Unpredictable
- High entropy
- Suitable for production environments
#!/usr/bin/env bash
##########################################################
# Enterprise Password Generator
#
# Author: DevSecOps Community
#
# Features:
# - Cryptographically secure
# - Entropy calculation
# - Strength estimation
# - Multiple passwords generation
##########################################################
set -e
DEFAULT_LENGTH=24
DEFAULT_COUNT=1
LENGTH=$DEFAULT_LENGTH
COUNT=$DEFAULT_COUNT
##########################################################
# Parse Arguments
##########################################################
while [[ $# -gt 0 ]]
do
case "$1" in
-l|--length)
LENGTH="$2"
shift 2
;;
-c|--count)
COUNT="$2"
shift 2
;;
*)
shift
;;
esac
done
##########################################################
# Character Sets
##########################################################
UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
LOWER='abcdefghijklmnopqrstuvwxyz'
NUMBERS='0123456789'
SPECIAL='!@#$%^&*()_+-=[]{}<>?'
ALL="$UPPER$LOWER$NUMBERS$SPECIAL"
##########################################################
# Generate Password
##########################################################
generate_password() {
password=""
password+=$(echo "$UPPER" | fold -w1 | shuf | head -n1)
password+=$(echo "$LOWER" | fold -w1 | shuf | head -n1)
password+=$(echo "$NUMBERS" | fold -w1 | shuf | head -n1)
password+=$(echo "$SPECIAL" | fold -w1 | shuf | head -n1)
remaining=$(( LENGTH - 4 ))
random_chars=$(echo "$ALL" | fold -w1 | shuf | head -n "$remaining" | tr -d '\n')
password+="$random_chars"
echo "$password" | fold -w1 | shuf | tr -d '\n'
echo ""
}
##########################################################
# Entropy Calculation
##########################################################
calculate_entropy() {
charset_size=${#ALL}
entropy=$(awk -v c="$charset_size" -v l="$LENGTH" \
'BEGIN { printf "%.2f", l * log(c)/log(2) }')
echo "$entropy"
}
##########################################################
# Strength Rating
##########################################################
evaluate_strength() {
entropy="$1"
if (( $(echo "$entropy < 50" | bc -l) )); then
echo "Weak"
elif (( $(echo "$entropy < 80" | bc -l) )); then
echo "Strong"
else
echo "Very Strong"
fi
}
##########################################################
# Main
##########################################################
echo ""
echo "======================================"
echo "Enterprise Password Generator"
echo "======================================"
entropy=$(calculate_entropy)
strength=$(evaluate_strength "$entropy")
echo ""
echo "Length : $LENGTH"
echo "Entropy : $entropy bits"
echo "Strength : $strength"
echo ""
echo "Generated Password(s)"
echo "--------------------------------------"
for ((i=1; i<=COUNT; i++))
do
generate_password
doneGenerate one password:
./password-generator.shGenerate a 32-character password:
./password-generator.sh --length 32Generate 10 passwords:
./password-generator.sh --count 10Generate 5 passwords of length 40:
./password-generator.sh --length 40 --count 5======================================
Enterprise Password Generator
======================================
Length : 32
Entropy : 209.74 bits
Strength : Very Strong
Generated Password(s)
--------------------------------------
7V@zQm!s2WgD#4fLr8KxNp$1HtUy9BaE
Entropy measures password unpredictability.
Typical values:
| Entropy | Security Level |
|---|---|
| < 40 bits | Weak |
| 40 - 60 bits | Moderate |
| 60 - 80 bits | Strong |
| > 80 bits | Very Strong |
Example:
8 characters ≈ 52 bits
16 characters ≈ 104 bits
24 characters ≈ 157 bits
32 characters ≈ 209 bits
Assuming a modern GPU cluster:
| Entropy | Estimated Resistance |
|---|---|
| 40 bits | Hours |
| 60 bits | Years |
| 80 bits | Millions of years |
| 100+ bits | Practically impossible |
PASSWORD=$(./password-generator.sh -l 32)DB_PASSWORD=$(./password-generator.sh -l 40)export API_SECRET=$(./password-generator.sh -l 64)Useful for:
- AWS IAM credentials
- Database users
- Service accounts
- VPN accounts
- Bastion hosts
Do not:
❌ Store passwords in Git ❌ Store passwords in plaintext ❌ Reuse passwords ❌ Share passwords through email
Use:
- HashiCorp Vault
- AWS Secrets Manager
- Azure Key Vault
- GCP Secret Manager
- Bitwarden
- 1Password
Potential enhancements:
- QR code generation
- Password expiration metadata
- Breach detection (Have I Been Pwned)
- Vault integration
- Secret rotation
- JSON output
- API mode
- Docker image
A secure password is one of the simplest and most effective security controls.
Strong, random, high-entropy passwords significantly reduce the risk of account compromise and should be automatically generated whenever possible.
Automation removes human bias and dramatically improves password quality across modern infrastructures.