Jump to content

Password Generation

random1

By random1
in PHP Coding Help

 Share

Recommended Posts

Grayda Member

Grayda

Posted
Posted

So you're after a password generator that will output a password that LOOKS like an English word but isn't?

 

I'd be wary of doing that, given that if you follow basic English rules, they will be easy to crack. The best method is to create a really random password that (ideally) includes letters, numbers and symbols, and is of a decent length. I've got a function prepared that will do just that and is easy to configure depending on what your password requirements are.

 

But if you are really determined to have English-looking words, I have links to several large dictionaries that you can pluck words from and mash them up, but again, I wouldn't recommend it, given that most password cracking software could get your password in a short amount of time

 

So, let us know exactly what you're after so we can give you a better answer ;D

Link to comment
Share on other sites
Batosi Newbie

Batosi

Posted
Posted

Hmm yea I agree you dont want to use words just random letters numbers

<?php
$pass = '';
$ar = str_split('abcdefghijklmnopqrstuvwxyz123456789');
for ($i=0;$i<9;$i++)
{
$pass .= $ar[array_rand($ar)];
}
?>

Probably not the best thing to use but it gives you the idea.

Link to comment
Share on other sites
chokies12 Newbie

chokies12

Posted
Posted

passwords should be encrypted so the main idea is generate and email and temporary code then a link. upon click the link $_GET the temporary code which you include in the url then if verified in the database show a change password form for much tighter security

Link to comment
Share on other sites
waynewex Advanced Member

waynewex

Posted
Posted 

$pass = rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9);

//send $pass to user via email

//encrypt pass and insert into password field
$pass = sha1($pass); //or use whatever encryption method you're using for password checking
//insert into password field

 

 

Link to comment
Share on other sites
Grayda Member

Grayda

Posted
Posted

If you can do that, I think NSA has a job for you. A computer is a deterministic device. Otherwise I'm afraid we'll have to do with pseudo random instead of really random.

 

Well, by really random, I meant, more random than English letters ;)

Here's the code I have, taken from my latest project. Does an alright job of generating passwords, but this is only one step in a secure password scheme:

 

<?php

/**
 * Password security. These optiona are to be used for toggling or enforcing password strength. To use effectively, you need to bitmasks.
*/
define("passEnforceMinimum", 1); # Should user::registerUser enforce a minimum password length?
define("passRequireAlpha", 2); # Do we need to have letters in the password?
define("passRequireNumbers", 4); # Do we need to have number(s) in the password?
define("passRequireSymbol", ; # Do we require non alphanumeric characters in the password?

define("passRequirements", passRequireAlpha | passRequireNumbers | passRequireSymbols); # Our passwords require: letters, numbers and symbols

/**
 * generatePassword creates a random password for you
 *
 * This function takes no parameters, instead it uses the password requirements (passRequirements) to determine what the password needs.
 * If you have passRequireAlpha set, your password will contain letters. If you have passRequireAlpha and passRequireNumbers, your password
 * will contain letters and numbers, and so forth.
 * Minimum password length is determined by passMinimumLength (which by default, is 
 *
 * @return	string	String containing your password
*/		
function generatePassword() {

	if(passRequireAlpha & passRequirements) { # If we require letters in our password
		for($i = 0; $i <= passMinimumLength - 1; $i++) { # Loop passMinimumLength times to ensure a nice random mix
			$pass[] = chr(rand(65, 90)); # Generate random uppercase letters one at a time and put them into an array for shuffling
			$pass[] = chr(rand(97, 122)); # Generate random lowercase letters
		}
	}

	if(passRequireNumbers & passRequirements) { # Same as above, but only for numbers
		for($i = 0; $i <= passMinimumLength - 1; $i++) {
			$pass[] = chr(rand(48, 57)); # 48-57 on the ASCII table is 0-9
		}
	}

	if(passRequireSymbol & passRequirements) { # Symbols!
		for($i = 0; $i <= passMinimumLength - 1; $i++) {
			$pass[] = chr(rand(33, 47)); 
			$pass[] = chr(rand(58, 64)); 
			$pass[] = chr(rand(91, 95)); 
			$pass[] = chr(rand(123, 126)); 
		}
	}

	shuffle($pass); # Finally, shuffle our array to mix it up
	$pass = implode("", $pass); # Glue the array together with no delimiter
	$pass = substr($pass, 0, passMinimumLength); # Then trim off all but passMinimumLength letters
	return $pass; # We're done!

}

?>

 

It's still in it's infancy and could be a LOT faster, but it works well enough. I can generate a few thousand passwords in a few seconds. Just paste it in and call $myPass = generatePassword(); to get a nice, pseudo-random password

 

If this is what you're after, mind you!

Link to comment
Share on other sites
tartis Newbie

tartis

Posted
Posted

I found this code on the web a few weeks ago, and it creates a readable password.  I would then insert it using encryption.

 

//password generator
function ae_gen_password($syllables = 3, $use_prefix = false)
{

    // Define function unless it is already exists
    if (!function_exists('ae_arr'))
    {
        // This function returns random array element
        function ae_arr(&$arr)
        {
            return $arr[rand(0, sizeof($arr)-1)];
        }
    }

    // 20 prefixes
    $prefix = array('aero', 'anti', 'auto', 'bi', 'bio',
                    'cine', 'deca', 'demo', 'dyna', 'eco',
                    'ergo', 'geo', 'gyno', 'hypo', 'kilo',
                    'mega', 'tera', 'mini', 'nano', 'duo');

    // 10 random suffixes
    $suffix = array('dom', 'ity', 'ment', 'sion', 'ness',
                    'ence', 'er', 'ist', 'tion', 'or'); 

    // 8 vowel sounds 
    $vowels = array('a', 'o', 'e', 'i', 'y', 'u', 'ou', 'oo'); 

    // 20 random consonants 
    $consonants = array('w', 'r', 't', 'p', 's', 'd', 'f', 'g', 'h', 'j', 
                        'k', 'l', 'z', 'x', 'c', 'v', 'b', 'n', 'm', 'qu');

    $password = $use_prefix?ae_arr($prefix):'';
    $password_suffix = ae_arr($suffix);

    for($i=0; $i<$syllables; $i++)
    {
        // selecting random consonant
        $doubles = array('n', 'm', 't', 's');
        $c = ae_arr($consonants);
        if (in_array($c, $doubles)&&($i!=0)) { // maybe double it
            if (rand(0, 2) == 1) // 33% probability
                $c .= $c;
        }
        $password .= $c;
        //

        // selecting random vowel
        $password .= ae_arr($vowels);

        if ($i == $syllables - 1) // if suffix begin with vovel
            if (in_array($password_suffix[0], $vowels)) // add one more consonant 
                $password .= ae_arr($consonants);

    }

    // selecting random suffix
    $password .= $password_suffix;

    return $password;
}
$password = ae_gen_password(3, false);
//end password

Link to comment
Share on other sites
Grayda Member

Grayda

Posted
Posted

I found this code on the web a few weeks ago, and it creates a readable password.  I would then insert it using encryption.

 

Just keep in mind that encryption is a good measure against people opening up your database and extracting the passwords from the table, but doesn't help much against brute-force attacks via your site

 

And @random1, I strongly urge you to check out recaptcha.net so you can add a CAPTCHA to your site. I was able to break this generation function in 30 minutes using a simple script. The script generates 100,000 passwords, stores them in a list, then generates another 100,000 and compares the two. If there is even a single match in the lists, the script aborts and lets you know there is a match. If I had pre-generated a list of millions of passwords, this could have been done quicker.

 

Also, if you're going to encrypt your information before you store it, pick and use a strong salt (ie. a phrase used alongside the encryption to make it even more secure) so if people get your encrypted text, it'll be tricky to work out the password AND the salt..

 

Sorry if I'm pulling this into a security discussion, but it's important to know all you can before going ahead with something that involves sensitive information ;)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.