PHP password generation
| abstract |  |
| compatible | |
- PHP 4.3.0 or higher
- PHP 5
Traditional way of generating passwords is using rand() function: concatenate several random-selected letters together. Something like this:
<?php
function gen_trivial_password($len = 6)
{
$r = '';
for($i=0; $i<$len; $i++)
$r .= chr(rand(0, 25) + ord('a'));
return $r;
}
?>
Typical passwords produced by this function:
- kaaxqgsf
- rnspvfjh
- ndtfrdfj
Combination of rand() and md5() function is often used as a simpler alternative:
<?php
function gen_md5_password($len = 6)
{
// function calculates 32-digit hexadecimal md5 hash
// of some random data
return substr(md5(rand().rand()), 0, $len);
}
?>
Passwords generated by this function consists of hexadecimal numbers (0-9, A-F). They are also impossible to read and difficult to remember.
- bc923e42
- bcff4cb3
- 1394f386
Proposed function ae_gen_password tries to generate readable easy-to-remember passwords, like following:
- lyttakor
- rixagist
- fapoution
Algorithm is simple: we have an array of traditional English (in fact, of a latin and greek origin) prefixes (like kilo-, nano-, bio-, mini-, auto-, …) and an array of common suffixes (like -tion, -ment, -or, …). Beside prefix and suffixes-arrays, we have a list of a vowel and consonant sound-letters (letters that produce vowel and consonant sounds).
To generate a password, we take random prefix(optionally), produce several simple syllables (one random consonant and one random vowel) and then select random suffix.
<?php
function ae_gen_password($syllables = 3, $use_prefix = false)
{
// Define function unless it is already exists
if (!function_exists('ae_arr'))
{
// This function returns random array element
function ae_arr(&$arr)
{
return $arr[rand(0, sizeof($arr)-1)];
}
}
// 20 prefixes
$prefix = array('aero', 'anti', 'auto', 'bi', 'bio',
'cine', 'deca', 'demo', 'dyna', 'eco',
'ergo', 'geo', 'gyno', 'hypo', 'kilo',
'mega', 'tera', 'mini', 'nano', 'duo');
// 10 random suffixes
$suffix = array('dom', 'ity', 'ment', 'sion', 'ness',
'ence', 'er', 'ist', 'tion', 'or');
// 8 vowel sounds
$vowels = array('a', 'o', 'e', 'i', 'y', 'u', 'ou', 'oo');
// 20 random consonants
$consonants = array('w', 'r', 't', 'p', 's', 'd', 'f', 'g', 'h', 'j',
'k', 'l', 'z', 'x', 'c', 'v', 'b', 'n', 'm', 'qu');
$password = $use_prefix?ae_arr($prefix):'';
$password_suffix = ae_arr($suffix);
for($i=0; $i<$syllables; $i++)
{
// selecting random consonant
$doubles = array('n', 'm', 't', 's');
$c = ae_arr($consonants);
if (in_array($c, $doubles)&&($i!=0)) { // maybe double it
if (rand(0, 2) == 1) // 33% probability
$c .= $c;
}
$password .= $c;
//
// selecting random vowel
$password .= ae_arr($vowels);
if ($i == $syllables - 1) // if suffix begin with vovel
if (in_array($password_suffix[0], $vowels)) // add one more consonant
$password .= ae_arr($consonants);
}
// selecting random suffix
$password .= $password_suffix;
return $password;
}
?>
The first argument of a function is a number of syllables in a password (not recommended to use less than 2), the second argument is a prefix flag(whether to add prefix or not).
