Version: 1.1
Type: Sample Code (HOWTO)
Category: Algorithms
License: GNU General Public License
Description: This is a secure password generator. It uses random seeds to assure best randomization. It comes in the form of three strengths:
1) Uberstrong (A-Z, a-z, 0-9, special chars (ie. !@#$%&*(), etc), 26 chars in length.
2) Strong (A-Z, a-z, 0-9), 26 chars in length.
3) Strong-but-compatible (A-Z, a-z, 0-9), 12 chars in length.
I have tested them all on securitystats.com and they have given good results (Uberstrong gives full security, Strong and Strong-but-compatible gives about 80% security).
All code reasonably commented, so you should be able to get around it alright.
<?php
// mtpwd.php
// Version 1.1
//
// Current usage instructions:
// The best way to use this now, is to require("mtpwd.php") or include("mtpwd.php")
// and call the functions like that, instead of just copying and pasting
// all the code into your own script.
//
// To use it:
//
// $uberstrong = mtpwd(MTPWD_UBERSTRONG);
// $strong = mtpwd(MTPWD_STRONG);
// $compatible = mtpwd(MTPWD_COMPATIBLE);
//
// Version history:
// 1.1: Made everything function based instead of just plain code
// 1.0: Initial release, everything is just code samples.
//
// ** NOTES ON GENERATED PASSWORDS **
// You may need to generate a few to make sure
// that a wide range of characters are available (specially the
// compatible password, it sometimes may not contain numbers).
//
// This is just to be 100% secure. For randomly generated passwords
// used inside PHP sign-up pages, this will be quite suffice to just use
// the first password it spits out.
//
// You can usually never go wrong with the Uberstrong password.
//
// DO NOT BE ALARMED IF THE TEST DOES NOT SHOW THE LAST TWO PASSWORDS
// this is because some characters cause the browser to break, but this
// will have no difficulties when storing the passwords in databases, text
// files, or variables.
//
// This code was written by Josh Finlay
// [email protected]
// some configuration constants
define("MTPWD_UBERSTRONG", "0");
define("MTPWD_STRONG", "1");
define("MTPWD_COMPATIBLE", "2");
// Generates a random seed to use with rand()
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 1000003);
}
function mtpwd($type) {
// Generate an array of characters to use (excluding special characters)
for ($x = 48; $x < 58; $x++) {
$spar[] = $x;
}
for ($x = 65; $x < 91; $x++) {
$spar[] = $x;
}
for ($x = 97; $x < 123; $x++) {
$spar[] = $x;
}
// end of array generation
if ($type == MTPWD_UBERSTRONG) {
// Generate an Uberstrong password of A-Z, a-z, 0-9, and special characters (eg. %, #, $, etc)
// Password length is no greater than 26, may be too long for some purposes.
$uspwd = '';
for ($i = 0; $i < 27; $i++) {
srand(make_seed());
$uspwd .= chr(rand(33, 126));
}
return $uspwd;
}
// Below is code for the Strong (and strong-but-compatible) passwords
// These do not contain any special characters
elseif ($type == MTPWD_STRONG) {
// Generate Strong password with a length no greater than 26 characters
// This may not be suitable for some purposes, due to length restrictions.
$spwd = '';
for ($i = 0; $i < 27; $i++) {
srand(make_seed());
$spwd .= chr($spar[rand(0, count($spar)-1)]);
}
return $spwd;
}
elseif ($type == MTPWD_COMPATIBLE) {
// Generate Strong-but-compatible
// This is the same characters as a Strong password but is shorter to be
// used in more situations. This has a password length of 12.
$wpwd = '';
for ($i = 0; $i < 13; $i++) {
srand(make_seed());
$wpwd .= chr($spar[rand(0, count($spar)-1)]);
}
return $wpwd;
}
else { return "INVALID TYPE"; }
}
// end of code.
// this is some demo code, uncomment it to try it out.
//print "<pre>";
//print "Uberstrong: ".mtpwd(MTPWD_UBERSTRONG);
//print "nStrong: ".mtpwd(MTPWD_STRONG);
//print "nCompatible: ".mtpwd(MTPWD_COMPATIBLE);
//print "</pre>";
?>
