1
00:00:03,390 --> 00:00:09,160
In the previous exercise you wrote a script that prompted the user to provide a password for the account

2
00:00:09,160 --> 00:00:14,620
that was being created in this lesson you're going to learn a few different ways to generate some random

3
00:00:14,620 --> 00:00:19,760
data including how to automate the process of generating a random password.

4
00:00:19,780 --> 00:00:24,370
This way you'll be able to improve your script by requiring less input from the user.

5
00:00:24,400 --> 00:00:27,380
And in my opinion the more you can automate the better.

6
00:00:27,700 --> 00:00:32,900
I have a terminal open up in my local system and I'm going to move into the class folder.

7
00:00:35,060 --> 00:00:41,380
We're going to continue working on the local user's system so I'll just change directory into their.

8
00:00:41,430 --> 00:00:43,830
Now we'll start the virtual machine and log into it.

9
00:00:48,850 --> 00:00:57,190
Now we can connect to it and move into the vagrant folder into the CD Ford slash vagrant.

10
00:00:57,190 --> 00:01:02,980
Now I'm going to create a script called L user demo 5. sh.

11
00:01:03,160 --> 00:01:05,670
Course we always start out our scripts of the shebang.

12
00:01:06,920 --> 00:01:12,530
And then we're going to put a header to our file here just a short sentence or two about the goal for

13
00:01:12,530 --> 00:01:13,280
this script.

14
00:01:13,430 --> 00:01:21,390
And so what this script does is it generates a list of random passwords.

15
00:01:21,390 --> 00:01:27,660
Now before we do any real coding let's look at the bash man page to see if it provides any way for us

16
00:01:27,660 --> 00:01:29,270
to get some random data.

17
00:01:29,640 --> 00:01:38,060
So let me see my changes here and we'll do man bash and we'll just look for random since random is an

18
00:01:38,060 --> 00:01:43,940
all capital letters and by convention variables are in all capital letters I can probably assume that

19
00:01:43,940 --> 00:01:51,140
random is a bash built in variable and it is and you can confirm that if you were to just go up the

20
00:01:51,140 --> 00:01:57,740
main page here into the header and you will see that it is indeed in the variable section of the man

21
00:01:57,740 --> 00:02:02,640
page and the scroll back down here and just read what this random variable is about.

22
00:02:02,780 --> 00:02:11,120
It says each time this parameter is referenced a random integer between 0 and 32000 767 is generated.

23
00:02:11,150 --> 00:02:16,150
So let's get back to the command line here by pressing Q to exit out of the man page and just echo a

24
00:02:16,220 --> 00:02:17,400
random and see what happens.

25
00:02:17,420 --> 00:02:26,320
Echo dollar random and there's around a number 43 8 let's see what happens if we access it again and

26
00:02:26,320 --> 00:02:32,410
we get different numbers each time we echo the random variable to the screen here.

27
00:02:32,590 --> 00:02:35,380
So that's a pretty simple way to get some random data.

28
00:02:35,380 --> 00:02:37,200
Let's get back into our script here.

29
00:02:40,800 --> 00:02:47,020
So the first password will generate will just be a random number as a password.

30
00:02:47,430 --> 00:02:54,810
So we'll set the password variable equal to dollar random and then we'll just echo that to the screen.

31
00:02:59,440 --> 00:03:01,060
See my changes and exit.

32
00:03:01,100 --> 00:03:05,440
Of course this is the first time I'm going to be executing the scripts I'm going to set the permissions

33
00:03:05,440 --> 00:03:06,000
on it.

34
00:03:06,040 --> 00:03:07,390
Chaumont 755.

35
00:03:07,400 --> 00:03:08,400
All user demo.

36
00:03:08,410 --> 00:03:09,810
5. sh.

37
00:03:10,210 --> 00:03:12,430
And then go ahead and execute it.

38
00:03:12,430 --> 00:03:17,950
So if we keep executing it you can see we just get a different random number just because I'm lazy I'm

39
00:03:17,950 --> 00:03:20,410
going to do something here that's a bit of a shortcut.

40
00:03:20,410 --> 00:03:21,010
I'm going to do.

41
00:03:21,010 --> 00:03:28,060
Exclamation mark vi to execute the most recent command that started with a V and this is called an event

42
00:03:28,150 --> 00:03:31,800
designator and I go through this in my command line Kung Fu book.

43
00:03:32,020 --> 00:03:36,630
But it's a quick way to execute a previous command that starts with the given string.

44
00:03:36,790 --> 00:03:40,920
So instead of having to retype out the whole them space I'll use or Desch or five.

45
00:03:40,960 --> 00:03:43,870
SH And I'm going to be executing this a lot.

46
00:03:43,870 --> 00:03:47,970
Coming executing the script and then going back and editing and so on and so forth.

47
00:03:48,010 --> 00:03:50,270
I'm just going to use this shortcut so if I do.

48
00:03:50,380 --> 00:03:56,030
Exclamation mark VI or bang VI and hit enter will be back into editing our script.

49
00:03:56,110 --> 00:04:01,330
So just using dollar sign random might be good enough especially if the user is forced to change their

50
00:04:01,330 --> 00:04:03,160
password on log in.

51
00:04:03,160 --> 00:04:07,170
And if you are concerned about security perhaps you would like a fairly long password.

52
00:04:07,240 --> 00:04:11,450
So let's do something like use two or three random numbers all together.

53
00:04:16,730 --> 00:04:23,690
So will reassign our password variable to random and just do this three times here.

54
00:04:28,040 --> 00:04:33,770
And we'll display that password to the screen OK I'm going to execute dot forward slash.

55
00:04:33,780 --> 00:04:36,330
I'll use the Dromo 5 and I'm to use my shortcut here.

56
00:04:36,390 --> 00:04:43,320
Exclamation mark dot when you perform this shortcut it actually displays what it executes and then executes

57
00:04:43,320 --> 00:04:43,820
it.

58
00:04:43,830 --> 00:04:46,160
I'm just going to hit the up arrow since I'm already here.

59
00:04:46,200 --> 00:04:48,660
So here you can see that we're getting some random data.

60
00:04:48,660 --> 00:04:51,210
The first password is just one random number.

61
00:04:51,210 --> 00:04:55,670
The second password that we're generating here are three random numbers together.

62
00:04:55,770 --> 00:05:00,600
And as you can see there are varying lengths and whatever so this also could be good enough but we can

63
00:05:00,600 --> 00:05:02,020
do something better.

64
00:05:02,310 --> 00:05:08,310
If you think about it something that is always changing is time it's never the same time ever again.

65
00:05:08,310 --> 00:05:13,710
It's now and then now was a second ago and now is also a second ago and so on.

66
00:05:13,710 --> 00:05:20,490
So that is some data that is always changing so let's use the current date and time as the basis for

67
00:05:20,490 --> 00:05:22,480
a password degenerate.

68
00:05:22,560 --> 00:05:28,520
So let's go ahead and look at the date command and some of its options.

69
00:05:28,560 --> 00:05:32,050
So obviously the date prints or sets the system date and time.

70
00:05:32,100 --> 00:05:38,310
The synopsis here is date followed by optional option and the Lipsius there says that you can have multiple

71
00:05:38,310 --> 00:05:38,900
options.

72
00:05:39,180 --> 00:05:45,480
And then also in brackets which means it's optional is a format plus followed by some sort of format.

73
00:05:45,510 --> 00:05:50,030
So let's check out the different formats that are available to us not just to afford for search with

74
00:05:50,030 --> 00:05:57,370
a slash format and press enter it and to go to the next match and to go the next match and so on.

75
00:05:57,630 --> 00:06:03,930
So here it says format controls the output and each one of these looks like they begin with a percent

76
00:06:03,930 --> 00:06:04,840
sign.

77
00:06:05,040 --> 00:06:12,620
For example percent lower case a is the abbreviated week day name percent upper case a is the full weekday

78
00:06:12,630 --> 00:06:14,750
name and so on and so forth.

79
00:06:14,940 --> 00:06:28,070
I want to point out percent sign yes on here and percent sign lowercase s is seconds since 1970 0 101

80
00:06:28,080 --> 00:06:32,920
January 1st 1970 at 0 hours UTC.

81
00:06:33,210 --> 00:06:35,850
This particular date is called the epoch.

82
00:06:36,000 --> 00:06:40,140
And some people actually call this epic time or Unix time.

83
00:06:40,260 --> 00:06:46,470
This Unix time and it's also called POSIX time by the way or epoch time is simply the number of seconds

84
00:06:46,500 --> 00:06:51,600
that have elapsed since January 1st 1970 so I'm hit.

85
00:06:51,600 --> 00:06:57,150
Q here to exit on the man page and let's just see what that looks like will the date plus that says

86
00:06:57,180 --> 00:07:01,500
hey we're going to use a format we'll use percent sign s and hit enter.

87
00:07:01,590 --> 00:07:08,570
And so that is the number of seconds since January 1st 1970 and we do it again and again.

88
00:07:08,760 --> 00:07:16,020
So 14 seconds 15 seconds 18 19 20 21 and so on.

89
00:07:16,020 --> 00:07:19,810
So this number just continually increments every single second.

90
00:07:19,950 --> 00:07:22,980
So we could actually use this as a password.

91
00:07:23,430 --> 00:07:27,660
Let's get back to editing our files here I'm going to use my shortcut bang the

92
00:07:37,270 --> 00:07:41,560
so we'll set the password equal to 8.

93
00:07:41,740 --> 00:07:48,610
And remember that the dollar sign opening parentheses and then a command followed by the closing parentheses.

94
00:07:48,610 --> 00:07:55,000
That takes the output of that command within the parentheses and assigns it to the variable so the password

95
00:07:55,000 --> 00:07:59,390
variable is going to contain the value of whatever that date command returns.

96
00:07:59,590 --> 00:08:01,440
And then we'll just echo this to the screen.

97
00:08:04,810 --> 00:08:07,510
Hey I'm going to execute the script again.

98
00:08:09,210 --> 00:08:15,000
And here we can see that it you know in increments by one number each time one second each time we run

99
00:08:15,000 --> 00:08:17,220
it or in this case a couple of seconds.

100
00:08:17,370 --> 00:08:19,860
Because I've been talking for a couple of seconds.

101
00:08:20,130 --> 00:08:22,280
In theory this password could be guessed.

102
00:08:22,440 --> 00:08:27,420
For example the more you know about the password generation technique the easier the passwords are to

103
00:08:27,420 --> 00:08:28,070
crack.

104
00:08:28,260 --> 00:08:33,930
So if you know what day a password was generated on and you know that there are only eighty six thousand

105
00:08:33,930 --> 00:08:39,990
four hundred seconds in a day that means there are only eighty six thousand four hundred possible passwords.

106
00:08:39,990 --> 00:08:45,660
Now you can further infer some more information and guess that the password was probably generated during

107
00:08:45,660 --> 00:08:47,080
normal business hours.

108
00:08:47,100 --> 00:08:49,530
So that leaves about an eight hour window.

109
00:08:49,530 --> 00:08:54,140
Now you're down to about 28 29 thousand possible passwords.

110
00:08:54,150 --> 00:08:57,270
Now I'm getting a little bit off track here but you get the idea.

111
00:08:58,120 --> 00:09:01,880
So let's find a way to make this even harder to guess.

112
00:09:01,900 --> 00:09:04,360
Let's get back to the man page for date.

113
00:09:04,390 --> 00:09:10,140
I don't know the last command that I executed that started within him was mandate so I can do.

114
00:09:10,180 --> 00:09:13,150
Exclamation mark him and hit enter.

115
00:09:13,180 --> 00:09:18,280
So I want to point out this nanoseconds format.

116
00:09:18,330 --> 00:09:19,930
What do you use this format.

117
00:09:19,960 --> 00:09:24,400
It prints the nanosecond that the date command was executed.

118
00:09:24,400 --> 00:09:27,010
So there's about nine digits there.

119
00:09:27,010 --> 00:09:30,200
So that leaves us a whole lot more data together.

120
00:09:30,200 --> 00:09:35,620
So it'd be really hard to guess those nanoseconds because each time you run the day command I mean has

121
00:09:35,620 --> 00:09:40,520
to be the exact to the nano second and that provides us a lot more variation.

122
00:09:40,570 --> 00:09:46,590
So if we actually combine that with the epoch time then we can get a long number.

123
00:09:46,660 --> 00:09:52,120
So let's do this let's run the data command will say we're going to use a format we want the second

124
00:09:52,120 --> 00:09:53,150
since the epic.

125
00:09:53,260 --> 00:09:58,490
And then we also want the nanosecond and we'll hit in here like this and press enter.

126
00:09:58,660 --> 00:10:06,010
So now when we execute this maybe the first portion of the password that represents the percent sign

127
00:10:06,010 --> 00:10:08,820
S is only incrementing by one digit.

128
00:10:08,920 --> 00:10:14,440
But the last few digits they're pretty much look random because they're based on the nanoseconds of

129
00:10:14,440 --> 00:10:16,490
when the date command was executed.

130
00:10:17,020 --> 00:10:20,030
So let's go ahead and use this as a possible password.

131
00:10:32,280 --> 00:10:36,250
Sign the date command to the password variable and then echo the password

132
00:10:39,850 --> 00:10:43,700
let's execute the script a couple of times.

133
00:10:43,920 --> 00:10:46,890
And so you can see that it looks fairly random.

134
00:10:46,890 --> 00:10:51,870
So that's a better password than the just the second since epoch.

135
00:10:51,990 --> 00:10:58,080
Let's take this one step further by using checksums or cryptographic hash functions.

136
00:10:58,170 --> 00:11:04,160
A checksum is a numeric value computed for a block of data that is relatively unique.

137
00:11:04,230 --> 00:11:09,300
Checksums were and are used to verify the integrity of data such as files.

138
00:11:09,300 --> 00:11:14,130
For example if you download a file and you want to make sure that it's not corrupt in some way you find

139
00:11:14,130 --> 00:11:18,660
the published checksums for the file and compare it to the file you downloaded.

140
00:11:18,660 --> 00:11:25,380
Let's take sinto for example they publish Siobhan some's and shot 256 sums for their downloads.

141
00:11:25,470 --> 00:11:29,790
By the way I didn't include the Cinto ISO that I'm about to use in the course download because it's

142
00:11:29,790 --> 00:11:32,580
about 700 megabytes the time in this recording.

143
00:11:32,580 --> 00:11:37,070
So if you want to follow along with this specific section you're going to have to download the ISOs

144
00:11:37,070 --> 00:11:40,980
separately and then look at the check checksums published by Santos.

145
00:11:40,980 --> 00:11:43,890
At the time you download the ISO file.

146
00:11:44,160 --> 00:11:53,740
Anyway here are the contents of the Shaw one some text file published by Santos.

147
00:11:53,830 --> 00:12:00,460
So for each file that they publish they produce a Shaw one some that corresponds to that file.

148
00:12:00,550 --> 00:12:10,650
So the first file up there the Cinto 7 DVD 16:11 ISO corresponds to the CS 0 1 8 5 7 7 etc. shall want

149
00:12:10,660 --> 00:12:17,720
some so we can use the Shaw one some command on our side to run the Shaw one mathematical algorithm

150
00:12:17,720 --> 00:12:21,910
against this file to return its checksum or Shaw one some value.

151
00:12:22,100 --> 00:12:29,480
So I've downloaded the minimal ISO so I'm going to run Shaw one some on the Scinto 7 minimal ISO here

152
00:12:29,480 --> 00:12:33,240
and hit enter some more or less.

153
00:12:33,240 --> 00:12:36,920
This number represents all the data in that single file.

154
00:12:37,020 --> 00:12:42,360
If it matches what is published then you're virtually guaranteed that the data is exactly the same.

155
00:12:42,360 --> 00:12:48,450
So in this case we have a known good copy of the Sentosa ISO because it Shaw won some matches the publisher

156
00:12:48,530 --> 00:12:49,250
on won some.

157
00:12:49,270 --> 00:12:50,530
I'll highlight that here.

158
00:12:50,640 --> 00:12:53,090
Here's the show on some of our local file.

159
00:12:53,280 --> 00:12:59,040
And here is the published Shaw one some provided by Sentosa that is supposed to correspond to that file.

160
00:12:59,150 --> 00:13:04,980
And so as you can see it begins with 7:01 and ends with it for half an hour begins with 7:1 and also

161
00:13:04,980 --> 00:13:06,530
ends with for f..

162
00:13:06,600 --> 00:13:09,480
So we have the same file.

163
00:13:09,570 --> 00:13:11,720
They also publish Shaugh 256.

164
00:13:11,730 --> 00:13:17,470
So let's use the Shaw 256 some command against that ISO and hit enter.

165
00:13:19,030 --> 00:13:24,750
OK it generated the shot 256 some for that file and we can compare it to what's published.

166
00:13:24,750 --> 00:13:29,690
So let's look at the shot 256 some file that I downloaded from Cintas.

167
00:13:30,050 --> 00:13:34,930
OK this checks out as well it should because the other some checked out but we're just experimenting

168
00:13:34,930 --> 00:13:40,690
here so we have a 256 some that begins with 2007 and ends with 86 a.

169
00:13:40,960 --> 00:13:47,210
And sure enough the minimal ISO corresponds begins with 27 and ends with eighty six.

170
00:13:47,210 --> 00:13:53,460
A Let's change the file just ever so slightly and see if the some still match.

171
00:13:53,800 --> 00:13:58,240
So I'm just going to add one character to the end of the file and one way to do that is to simply do

172
00:13:58,240 --> 00:14:03,100
something like Echo a one to the end of this file and hit enter.

173
00:14:03,490 --> 00:14:05,650
So now we've changed the file just a bit.

174
00:14:05,650 --> 00:14:11,800
So I'm in the back up here and execute my shot 256 some command again and see what happens.

175
00:14:13,100 --> 00:14:16,280
Now it doesn't match the sum we receive.

176
00:14:16,280 --> 00:14:19,850
Begin with a and ends with a one here.

177
00:14:19,910 --> 00:14:22,560
Obviously this is a big long string in the middle.

178
00:14:22,680 --> 00:14:27,910
But if we compare that to the known good checksum it doesn't match.

179
00:14:28,040 --> 00:14:34,880
So even a very slight change of data completely changes this check that's returned.

180
00:14:35,120 --> 00:14:41,630
By the way there are other hash functions and check some program so we can do a quick ls and user Bensenville

181
00:14:41,630 --> 00:14:50,020
the shoe LS Desch l user Ben for any programs that and in some will use a wildcard of asterisk and then

182
00:14:50,030 --> 00:14:51,300
some and hit enter.

183
00:14:51,500 --> 00:14:56,740
So you have S.K. some empty fivesome Shaw one some sha to 24 or so on.

184
00:14:56,780 --> 00:15:00,580
So all these programs do pretty much the same thing.

185
00:15:00,620 --> 00:15:06,980
They take a big chunk of data and reduce it down to a single number or a string that represents that

186
00:15:06,980 --> 00:15:10,660
chunk of data to verify if it's the same or not.

187
00:15:10,880 --> 00:15:14,020
OK now let's bring this back to password generation.

188
00:15:14,120 --> 00:15:19,850
As you might have noticed the checksums are actually hexadecimal numbers with zero through nine representing

189
00:15:19,850 --> 00:15:25,310
Well zero of 9 and a few f representing the values from 10 to 16.

190
00:15:25,340 --> 00:15:32,090
If we were to use a Shaw 256 sum as a password for example that password would consist of 16 different

191
00:15:32,090 --> 00:15:37,370
characters that 0 through 9 and a through f and B 64 characters and length.

192
00:15:37,460 --> 00:15:39,190
That's a pretty darned good password.

193
00:15:39,350 --> 00:15:45,680
So let's turn the current date and time into a shot 256 some by piping the output of the date command

194
00:15:45,710 --> 00:15:49,470
as the input into the SHA 256 sum command.

195
00:15:49,820 --> 00:15:55,970
So we'll just run the date command by itself date and we'll use the Epik here and now when I'm going

196
00:15:55,970 --> 00:16:02,570
to do is use a pipe symbol which takes the output of the preceding command and sends it as a standard

197
00:16:02,660 --> 00:16:04,440
input to the following command.

198
00:16:04,520 --> 00:16:07,800
Sha to 56 and hit enter.

199
00:16:08,060 --> 00:16:10,000
OK so that's the SHA 256.

200
00:16:10,010 --> 00:16:14,210
Some of the output of the date command at the time it was executed.

201
00:16:14,210 --> 00:16:18,500
So obviously when you execute this you're going to get a different value because when you're watching

202
00:16:18,500 --> 00:16:23,420
this video it's going to be far past when I recorded it so obviously you're going to be getting different

203
00:16:23,420 --> 00:16:24,380
data here.

204
00:16:24,410 --> 00:16:30,110
So how does this work or why does this work so we were running Shaw 256 some against files.

205
00:16:30,120 --> 00:16:31,580
Well let's look at the man Pedro a quick

206
00:16:34,760 --> 00:16:41,570
so in the synopsis there we have an optional option as well as an optional file and it says with no

207
00:16:41,570 --> 00:16:45,770
file or one file is a dash read standard input.

208
00:16:45,980 --> 00:16:51,200
So remember with a pipe pipe turned to the output of the previous command as standard input and the

209
00:16:51,200 --> 00:16:52,790
command that follows the pipe.

210
00:16:52,910 --> 00:16:56,900
So that is how this works and by the way most commands will work like this.

211
00:16:56,900 --> 00:17:03,530
If they take a file as an argument you can also not use the file and instead use standard input via

212
00:17:03,530 --> 00:17:06,480
a pipe and it will operate on that input.

213
00:17:06,900 --> 00:17:09,590
So I'll hit you to exile the man page here.

214
00:17:09,590 --> 00:17:15,920
Since our goal here is to really generate a seemingly random set of characters as a password we really

215
00:17:15,920 --> 00:17:18,680
don't care if the short summer Mayne's intact or not.

216
00:17:18,680 --> 00:17:22,460
We're not going to be using that check sum to check it against another piece of data.

217
00:17:22,490 --> 00:17:24,350
We just want its output.

218
00:17:24,530 --> 00:17:29,510
So if we want to control the size of this generated password you'll need to control the number of characters

219
00:17:29,510 --> 00:17:31,100
returned or displayed.

220
00:17:31,130 --> 00:17:34,100
One way to do this is with the head command.

221
00:17:34,430 --> 00:17:39,740
And just to briefly recap how can you tell if head is a program on the system or if it's a shell built

222
00:17:39,740 --> 00:17:40,160
in.

223
00:17:40,310 --> 00:17:43,830
Well of course you can use the type built in type dashi head.

224
00:17:43,970 --> 00:17:48,230
Sure enough head is user bin head which is a program so he can't use help.

225
00:17:48,260 --> 00:17:50,050
And what we have to do is use man head.

226
00:17:50,060 --> 00:17:51,570
Just a quick reminder there.

227
00:17:51,920 --> 00:17:58,430
So what head does is it outputs the first part of files or the head portion of a file without any option

228
00:17:58,430 --> 00:18:01,500
it just prints the first 10 lines of a file.

229
00:18:01,520 --> 00:18:05,840
You can also see this command like the shot 256 some command.

230
00:18:05,840 --> 00:18:09,870
It says With no file or one file as a dash read standard input.

231
00:18:10,010 --> 00:18:15,670
So we know we can use this head command in conjunction with the pipe the first option that's listed

232
00:18:15,670 --> 00:18:22,270
there is dash C or dash dash bytes and the long form and what that does is print's the first k bytes

233
00:18:22,270 --> 00:18:23,460
of each file.

234
00:18:23,470 --> 00:18:28,410
So if we were to do dasht see one then it would just print the first character of the file.

235
00:18:29,560 --> 00:18:35,740
The next option is Dasch in four lines and that prints the first number of lines that you specify instead

236
00:18:35,740 --> 00:18:37,900
of the default first 10 lines.

237
00:18:37,900 --> 00:18:40,830
So let's go ahead and try both of these options out.

238
00:18:41,080 --> 00:18:45,110
So let's do head dash and one on Etsy password.

239
00:18:45,310 --> 00:18:49,320
And what that does is print's the first line of ETSI password.

240
00:18:49,510 --> 00:18:54,710
By the way you can also do this head dash in space one ETSI password.

241
00:18:55,030 --> 00:19:00,610
So if you see either style if you see someone like me who take some shortcuts sometimes I'll probably

242
00:19:00,610 --> 00:19:05,340
squish the value against its options so dash in one for example.

243
00:19:05,380 --> 00:19:08,370
But if you see a dash in space 1 it's the same thing.

244
00:19:08,370 --> 00:19:11,170
So if you see the one you know it's the same thing.

245
00:19:11,500 --> 00:19:19,070
And by the way there's an old style of using this head command so let's do this head dash 1 ETSI password.

246
00:19:19,300 --> 00:19:25,390
So instead of using a dash in followed by a number just use the dash followed up by the number.

247
00:19:25,390 --> 00:19:31,690
So here's how to print the first two lines of that file head to the password and so on.

248
00:19:31,690 --> 00:19:38,860
Obviously that's equivalent of head Desch into that C password or head dash in space to ETSI password.

249
00:19:39,250 --> 00:19:46,340
OK let's just print the first character of the password file head Dasch see one ETSI password.

250
00:19:46,510 --> 00:19:52,080
Let's print the first two characters had dash C to add c password.

251
00:19:52,200 --> 00:19:57,100
So obviously the first line we can see it starts with the root the first character is are the first

252
00:19:57,100 --> 00:19:59,170
two characters are are O.

253
00:19:59,410 --> 00:20:03,700
Now I'm sure you remember from the main page how you can use standard input instead of a file with the

254
00:20:03,700 --> 00:20:04,230
head command.

255
00:20:04,230 --> 00:20:05,510
So let's try that out.

256
00:20:05,710 --> 00:20:12,010
Let's generate some output from the echo command we'll just do echo testing and then we'll pipe that

257
00:20:12,040 --> 00:20:16,010
output as the standard input into the head command.

258
00:20:16,150 --> 00:20:20,370
And let's just print the first two characters dash C 2.

259
00:20:20,380 --> 00:20:23,460
So sure enough it returns t e.

260
00:20:23,860 --> 00:20:25,570
Now let's change the date command.

261
00:20:25,570 --> 00:20:29,530
The shot 256 some command and the head command all together.

262
00:20:29,550 --> 00:20:35,350
So you can have multiple pipes not just one pipe but you can keep modifying the output and keep piping

263
00:20:35,350 --> 00:20:36,860
it in two different commands.

264
00:20:37,120 --> 00:20:45,190
So we'll execute date second since the epoch will get the Shah to 56 some for that and we'll print the

265
00:20:45,190 --> 00:20:46,930
first eight characters.

266
00:20:47,140 --> 00:20:49,280
So if hit the up arrow key and do that again.

267
00:20:49,480 --> 00:20:55,500
Again we keep getting a seemingly bit of random data here if we want to make this even better.

268
00:20:55,500 --> 00:21:05,560
We can add those nano seconds to the mix so we can do date s in SHA use some head dash C-8 and we get

269
00:21:05,590 --> 00:21:07,190
even more random data.

270
00:21:07,540 --> 00:21:11,310
Now let's add this method to our script saw go back and edit the file

271
00:21:16,110 --> 00:21:18,950
will say we'll create a better password.

272
00:21:23,450 --> 00:21:31,760
So we'll use the date command was seconds and nanoseconds Shaw 56 some had Dessie and then we'll just

273
00:21:31,760 --> 00:21:35,530
say specify 32 character length password here.

274
00:21:36,670 --> 00:21:42,740
And will echo this password to the screen.

275
00:21:42,750 --> 00:21:44,810
Got my opening quote there.

276
00:21:45,660 --> 00:21:50,430
Let's exit to the command line and execute our script.

277
00:21:50,530 --> 00:21:56,290
Hey so the password at the very bottom here the latest thing that we're echoing to the screen is that

278
00:21:56,290 --> 00:21:58,160
32 character password.

279
00:21:58,420 --> 00:22:02,780
And so each time we execute it we get a very different result.

280
00:22:03,010 --> 00:22:05,910
So that looks like a pretty good password to me.

281
00:22:06,010 --> 00:22:07,630
But we can even take this further.

282
00:22:07,630 --> 00:22:09,490
Let's go back and edit or file again.

283
00:22:14,740 --> 00:22:17,050
Let's create an even better password.

284
00:22:17,050 --> 00:22:24,160
One way we can do this is just add some random numbers to the mix so we'll do date plus ASP plus in

285
00:22:24,570 --> 00:22:27,930
and we'll follow that by a couple of random numbers here.

286
00:22:29,200 --> 00:22:32,490
And then we'll pipe that into sha 2:56.

287
00:22:32,770 --> 00:22:37,110
And then we're going to do is let's say we want to make this password.

288
00:22:37,180 --> 00:22:42,940
Forty eight characters in length so we'll do Dessie forty eight and we'll echo that password to the

289
00:22:42,940 --> 00:22:43,520
screen.

290
00:22:49,410 --> 00:22:54,270
OK as you can see we got a 32 character password and then the forty eight character password here.

291
00:22:54,470 --> 00:23:00,150
So just keep running that and we get lots of different passwords here that we could use.

292
00:23:00,170 --> 00:23:06,140
Now there are other probably way more secure ways to generate a password that has nothing to do with

293
00:23:06,140 --> 00:23:07,080
the current date.

294
00:23:07,160 --> 00:23:13,490
But this is really honestly good enough especially if you're going to force a password change on log

295
00:23:13,490 --> 00:23:13,850
in.

296
00:23:14,030 --> 00:23:19,760
But while we're at it let's keep going and add a special character to the generated password file.

297
00:23:19,760 --> 00:23:24,100
Now let's start out by displaying the set of special characters that we want to use.

298
00:23:24,200 --> 00:23:29,120
And I'm actually going to store this into a variable right here in our interactive shell so I don't

299
00:23:29,120 --> 00:23:34,700
have to keep typing these characters over and over again so I'm just going to use a simple name of capital

300
00:23:34,700 --> 00:23:35,470
S.

301
00:23:35,480 --> 00:23:40,610
Now again that's not a best practice for shell scripting but it's going to work for testing and it will

302
00:23:40,610 --> 00:23:44,050
use a better more descriptive variable name for our script.

303
00:23:44,090 --> 00:23:58,210
But here in the command line I'm just going to use the variable S and assigned it to the special characters.

304
00:23:58,250 --> 00:24:00,190
Hey let's echo those characters.

305
00:24:02,260 --> 00:24:02,580
OK.

306
00:24:02,590 --> 00:24:05,050
Those are special characters.

307
00:24:05,050 --> 00:24:10,870
Now we need a way to randomly extract just one special character from that list.

308
00:24:10,870 --> 00:24:14,410
Now there is a command called shove S H U F.

309
00:24:14,410 --> 00:24:16,330
Now let's see if it can do what we want.

310
00:24:16,330 --> 00:24:18,910
So let's look at the man page for this command.

311
00:24:18,940 --> 00:24:24,130
It says right a random permutation of the input lines to standard output.

312
00:24:24,160 --> 00:24:26,550
So this appears to work on entire lines.

313
00:24:26,560 --> 00:24:29,890
Now of course if you're unsure what a command does well just try it out.

314
00:24:29,890 --> 00:24:36,280
So let's do that here let's run it against the password file for example and see what happens to go

315
00:24:36,430 --> 00:24:42,760
the man page and we'll just do Schaaf at c password and let's do it a couple times to see if we can

316
00:24:42,760 --> 00:24:45,190
figure out what it's doing here.

317
00:24:45,190 --> 00:24:48,910
So sure enough it is definitely printing entire lines.

318
00:24:49,180 --> 00:24:58,570
And if we just look for example at the last line here and FS nobody our PC user Einstein and so on that

319
00:24:58,650 --> 00:25:03,990
this is definitely displaying random lines out of the ETSI password file.

320
00:25:04,180 --> 00:25:09,820
So we need to break our list of single characters into individual lines so that we can then use Schaaf

321
00:25:09,820 --> 00:25:11,680
to do the randomization.

322
00:25:11,680 --> 00:25:15,080
So there happens to be a command called foaled that can do just this.

323
00:25:15,310 --> 00:25:22,540
Let's look at the man page for foaled of the fold command wraps each input line to fit in a specified

324
00:25:22,540 --> 00:25:26,510
width and it looks like there are some different ways to specify that width.

325
00:25:26,650 --> 00:25:31,960
And by the way if we want to change our entire line of special characters into separate lines then we

326
00:25:31,960 --> 00:25:33,820
simply need a width of one.

327
00:25:34,210 --> 00:25:40,850
So if we look here Dasch be says it shows bytes that C counts characters rather than columns.

328
00:25:41,060 --> 00:25:43,690
So w use width instead of 80.

329
00:25:43,810 --> 00:25:49,830
So it looks like we have a couple of different options here a dash B C or dash w that we can use.

330
00:25:49,840 --> 00:25:53,540
It's not really clear here and the man page what the difference is.

331
00:25:53,680 --> 00:25:59,650
So what I like to do is experiment so I'm going to use each one of these options and see if I can spot

332
00:25:59,680 --> 00:26:05,100
a difference between them so I'll just hit Q to get out of the man page and return to the command line.

333
00:26:05,110 --> 00:26:07,270
So let's echo our string of characters here.

334
00:26:07,360 --> 00:26:11,100
Echo.

335
00:26:11,180 --> 00:26:13,150
Now let's see what fold.

336
00:26:13,310 --> 00:26:16,940
There should be one does OK.

337
00:26:16,960 --> 00:26:19,270
And lists are characters with the.

338
00:26:19,470 --> 00:26:25,450
One looks like our last character here is equal sign but it looks like there's an empty line here.

339
00:26:25,490 --> 00:26:26,220
OK.

340
00:26:26,390 --> 00:26:29,310
Well let's see what Dasch see one does.

341
00:26:30,370 --> 00:26:31,080
Same thing.

342
00:26:31,090 --> 00:26:34,010
Let's look at Dasch w one.

343
00:26:34,140 --> 00:26:39,240
OK so in my opinion it's easier to work with a dash w option because we don't have to account for that

344
00:26:39,240 --> 00:26:41,340
blank line that's being generated.

345
00:26:41,340 --> 00:26:44,690
So now let's pass this output into the shelf command.

346
00:26:44,820 --> 00:26:52,830
So we'll do Ecko dollar s into fold and then we'll pass that to shop and we get a different order of

347
00:26:52,830 --> 00:26:53,370
the characters.

348
00:26:53,370 --> 00:26:56,230
Let's keep doing this couple of times here.

349
00:26:56,340 --> 00:27:01,910
And sure enough each time we run it these characters are displayed in a different order.

350
00:27:01,920 --> 00:27:05,130
Now we're getting a random list of special characters.

351
00:27:05,130 --> 00:27:10,620
If we only want one special character we can use the hit command with a dash see option followed by

352
00:27:10,620 --> 00:27:18,670
a one so let's see that head dash see one and sure enough we get a dollar sign that time we execute

353
00:27:18,670 --> 00:27:19,080
it.

354
00:27:19,300 --> 00:27:25,920
It's time we get a closing parentheses a pound sign closing parentheses the carrot symbol pound sign.

355
00:27:26,050 --> 00:27:32,310
So this appears to be working doing what we really want which is to get a random special character.

356
00:27:32,320 --> 00:27:37,200
Now I hope you noticed a pattern in how I worked through this little mini challenge here.

357
00:27:37,270 --> 00:27:39,100
First I had a goal in mind.

358
00:27:39,130 --> 00:27:42,410
I knew I wanted a random single special character.

359
00:27:42,490 --> 00:27:45,400
Next I simply displayed what I had in this case.

360
00:27:45,410 --> 00:27:48,940
I use the echo command to display the special characters.

361
00:27:48,940 --> 00:27:53,860
Now if I was working on another problem perhaps I would display the contents of a file or something

362
00:27:53,860 --> 00:27:54,720
else.

363
00:27:54,730 --> 00:27:58,260
Next I change the output so that I could work with it easier.

364
00:27:58,330 --> 00:28:03,180
The way you can change the output is by using that output as the input of another command.

365
00:28:03,190 --> 00:28:08,860
So I pipe the output of the echo command into the fold command and I kept doing this until I reached

366
00:28:08,860 --> 00:28:10,150
my goal.

367
00:28:10,150 --> 00:28:15,130
Taking the output piping it in as the input to another command and keep repeating that.

368
00:28:15,490 --> 00:28:20,860
So it's important to keep in mind that Unix and Linux philosophy that each program should only do one

369
00:28:20,860 --> 00:28:23,740
thing and that it should do it very well.

370
00:28:23,740 --> 00:28:27,070
So in our case the echo command only displays output.

371
00:28:27,190 --> 00:28:30,630
It doesn't do any sorting it doesn't do any randomization and so on.

372
00:28:30,790 --> 00:28:36,460
It does it's one job and it does it really well when you need another job done you'll need to use another

373
00:28:36,460 --> 00:28:37,150
command.

374
00:28:37,150 --> 00:28:42,520
That's why we use pipes so we can string together all the specialized commands to make the system do

375
00:28:42,520 --> 00:28:44,470
exactly what we want.

376
00:28:44,470 --> 00:28:48,780
Some people call this data lungeing or string manipulation and so on.

377
00:28:48,790 --> 00:28:54,070
At any rate I go over a lot of these techniques in my command line Kung Fu book and it's filled with

378
00:28:54,070 --> 00:29:00,150
examples of small specialized commands all piled together to do something unique and useful.

379
00:29:00,160 --> 00:29:04,570
Anyway before I get too carried away about how awesome Linux is and the philosophy and so on let's go

380
00:29:04,570 --> 00:29:08,280
ahead and add this last way to generate a password to our script.

381
00:29:12,170 --> 00:29:21,950
We're just going to append a special character to the password so we'll do a special character variable

382
00:29:21,950 --> 00:29:24,640
name which is a lot better than just dollar sign.

383
00:29:24,640 --> 00:29:29,560
S We're going to echo our string of special characters.

384
00:29:35,430 --> 00:29:42,240
Type that into fold with the width of one column Schaaf to randomize those lines and then we're just

385
00:29:42,240 --> 00:29:49,300
going to extract one character from that the first character and now we're going to echo that password

386
00:29:49,840 --> 00:29:54,620
that we generated previously and we're going to append this special character to it.

387
00:29:58,670 --> 00:30:01,960
Hey let's save our changes and execute our script.

388
00:30:02,630 --> 00:30:07,520
Hey so you can see that this forty eight character password was generated and then we just displayed

389
00:30:07,520 --> 00:30:11,080
that in addition to a random special character.

390
00:30:11,180 --> 00:30:17,450
So each time we do this we'll get a different password that now includes a special character so we have

391
00:30:17,690 --> 00:30:18,890
a great password.

392
00:30:18,890 --> 00:30:25,620
In my opinion that you can use especially if it's just a one time password so to quickly recap in this

393
00:30:25,620 --> 00:30:30,720
lesson you were introduced to the built in variable of random which generates a random integer each

394
00:30:30,720 --> 00:30:32,420
time that it's referenced.

395
00:30:32,430 --> 00:30:37,230
You also worked with a date command and used its formatting options to control its output.

396
00:30:37,260 --> 00:30:43,950
From there we talked about checksums and specifically looked at the Shaw one PS. and Shaw 256 some commands.

397
00:30:43,980 --> 00:30:49,380
You also learned about the head command which can display the top or beginning lines or characters of

398
00:30:49,380 --> 00:30:50,290
a file.

399
00:30:50,430 --> 00:30:55,430
Next to use the full command to transform a single line of text into multiple lines.

400
00:30:55,440 --> 00:30:58,520
Finally you use the shut command to randomly select a line.