Free, tested & ready to use examples!
AnyExample.com
 
Web anyexample.com
 
Programming /  PHP

PHP password generation

abstract 
Modern web-applications often provide (during registration, or password-reset) random-generated passwords for its users. However these passwords (usually a random combination of letters or numbers) are quite hard to remember: in fact, it's even impossible to read them. This article provides a function for generating English-like readable passwords.
compatible 
  • PHP 4.3.0 or higher
  • PHP 5
    • p>Traditional way of generating passwords is using rand() function: concatenate several random-selected letters together. Something like this:

    source code: php
    <?php
    function gen_trivial_password($len 6)
    {
            $r '';
        for(    $i=0$i<$len$i++)
                $r .= chr(rand(025) + ord('a'));
        return     $r;
    }
    ?>

    Typical passwords produced by this function:

    • kaaxqgsf
    • rnspvfjh
    • ndtfrdfj

    Combination of rand() and md5() function is often used as a simpler alternative:

    source code: php
    <?php
    function gen_md5_password($len 6)
    {
            // function calculates 32-digit hexadecimal md5 hash
        // of some random data
            return substr(md5(rand().rand()), 0$len);
    }
    ?>

    Passwords generated by this function consists of hexadecimal numbers (0-9, A-F). They are also impossible to read and difficult to remember.

    • bc923e42
    • bcff4cb3
    • 1394f386

    Proposed function ae_gen_password tries to generate readable easy-to-remember passwords, like following:

    • lyttakor
    • rixagist
    • fapoution

    Algorithm is simple: we have an array of traditional English (in fact, of a latin and greek origin) prefixes (like kilo-, nano-, bio-, mini-, auto-, ...) and an array of common suffixes (like -tion, -ment, -or, ...). Beside prefix and suffixes-arrays, we have a list of a vowel and consonant sound-letters (letters that produce vowel and consonant sounds).

    To generate a password, we take random prefix(optionally), produce several simple syllables (one random consonant and one random vowel) and then select random suffix.

    source code: php
    <?php
    function ae_gen_password($syllables 3$use_prefix false)
    {

            // Define function unless it is already exists
            if (!function_exists('ae_arr'))
        {
                // This function returns random array element
                function ae_arr(&$arr)
            {
                return     $arr[rand(0sizeof($arr)-1)];
            }
        }

            // 20 prefixes
            $prefix = array('aero''anti''auto''bi''bio',
                            'cine''deca''demo''dyna''eco',
                            'ergo''geo''gyno''hypo''kilo',
                            'mega''tera''mini''nano''duo');

            // 10 random suffixes
            $suffix = array('dom''ity''ment''sion''ness',
                            'ence''er''ist''tion''or'); 

            // 8 vowel sounds 
            $vowels = array('a''o''e''i''y''u''ou''oo'); 

            // 20 random consonants 
            $consonants = array('w''r''t''p''s''d''f''g''h''j'
                                'k''l''z''x''c''v''b''n''m''qu');

            $password $use_prefix?ae_arr($prefix):'';
            $password_suffix ae_arr($suffix);

        for(    $i=0$i<$syllables$i++)
        {
                // selecting random consonant
                $doubles = array('n''m''t''s');
                $c ae_arr($consonants);
            if (    in_array($c$doubles)&&($i!=0)) { // maybe double it
                    if (rand(02) == 1// 33% probability
                        $c .= $c;
            }
                $password .= $c;
                //

            // selecting random vowel
                $password .= ae_arr($vowels);

            if (    $i == $syllables 1// if suffix begin with vovel
                    if (in_array($password_suffix[0], $vowels)) // add one more consonant 
                        $password .= ae_arr($consonants);

        }

            // selecting random suffix
            $password .= $password_suffix;

        return     $password;
    }
    ?>

    The first argument of a function is a number of syllables in a password (not recommended to use less than 2), the second argument is a prefix flag(whether to add prefix or not).

    Example usage:

    source code: php
    <!-- don't forget to paste code of ae_gen_password function 
    (see above) here -->
    <html><head><title>Memorizable password generator</title></head>
    <body>
    <h1>Memorizable password generator</h2>
    (press 'Refresh' to generate more)

    <h2>2 syllables, no prefix</h2>
    <ul>
    <?php 
    for($i=0$i<10$i++)
        echo     "<li>".ae_gen_password(2false)."</li>";
    ?>
    </ul>

    <h2>2 syllables, prefix</h2>
    <ul>
    <?php 
    for($i=0$i<10$i++)
        echo     "<li>".ae_gen_password(2true)."</li>";
    ?>
    </ul>


    <h2>3 syllables, no prefix</h2>
    <ul>
    <?php 
    for($i=0$i<10$i++)
        echo     "<li>".ae_gen_password(3false)."</li>";
    ?>
    </ul>

    <h2>3 syllables, prefix</h2>
    <ul>
    <?php 
    for($i=0$i<10$i++)
        echo     "<li>".ae_gen_password(3true)."</li>";
    ?>
    </ul>    
    </body>
    </html>
    warning 
  • Crypto-analytic who knows password generation algorithm(and the set of prefixes/suffixes) may perform successful brute-force attack (trying all possible passwords). However 3-syllable passwords(without prefix) are nearly as difficult to guess as 6-digit hexadecimal(string 0-F) password, which is suitable for non-critical applications.
  • Consider changing(adding more) arrays of prefixes/suffixes if you plan to use ae_gen_password function seriously
    • tested 
  • FreeBSD 5.2 :: PHP 5.1.4
  • Ubuntu Linux 6.2 :: PHP 5.2
    		•   


     
    © AnyExample 2010-2013
    License | Privacy | Contact