Download the PHP package genphrase/genphrase without Composer
On this page you can find all versions of the php package genphrase/genphrase. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download genphrase/genphrase
More information about genphrase/genphrase
Files in genphrase/genphrase
Package genphrase
Short Description Secure passphrase generator for PHP applications
License MIT
Homepage https://github.com/timoh6/GenPhrase
Informations about the package genphrase
About
GenPhrase is a secure passphrase generator for PHP applications. GenPhrase is based on passwdqc's pwqgen program. See http://www.openwall.com/passwdqc/
GenPhrase can be used to generate secure and easy to memorize random passphrases. For example output, see examples.
GenPhrase can use arbitrary size wordlists. Words for a passphrase are selected uniformly at random from the wordset.
GenPhrase has a series of small security bug bounties. For more information, see GenPhrase Security Bug Bounties.
Requirements
GenPhrase requires PHP version 5.3 or greater with BC Math (--enable-bcmath). mbstring extension must be available if words are modified (e.g. capitalized).
HHVM compatibility
HipHop VM v2.3 and later is confirmed to support GenPhrase. Earlier versions of HHVM may work as well.
Installation
GenPhrase supports installation using Composer, but make sure you use at least Composer version 1.0.0-beta1 to install GenPhrase (Composer was vulnerable to MITM attacks before 1.0.0-beta1):
Passphrase generation with GenPhrase
By default, GenPhrase generates passphrases using english words (english.lst). Those passphrases will have at least 50 bits of entropy.
GenPhrase has currently two built-in wordlists: english.lst (default) and diceware.lst. You can add/remove/combine wordlists as you like.
More about the original english wordlist via Openwall: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/passwdqc/passwdqc/wordset_4k.c?rev=1.5;content-type=text%2Fplain
The only modification between the GenPhrase english wordlist and the Openwall wordlist is we changed all the words to be lowercase.
Note, the Diceware list bundled with GenPhrase as of 1.1.0 is EFF's "long" version, but without four words which contains "-" character (as this character is a GenPhrase separator character). For more information about EFF's Diceware list, see: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases
Note, GenPhrase allows you to specify separator characters which may be used between the words. If you want to specify these separator characters, make sure you use only unique single-byte characters. More information about setting separator characters is in the usage examples below.
What kind of passphrases GenPhrase generate?
A few examples to demonstrate the output:
With default settings, the passphrase would be for example like:
Alter Berlin Paint meaning
Generating a passphrase having 40 bits of entropy:
musica$Menu&Quota
A passphrase having 50 bits of entropy and separator characters and word capitalizing disabled:
setthenrolegiftdancing
Usage
How is entropy calculated?
As long as we have only unique elements in our wordlist and each element is
equally likely to be chosen, we can calculate the entropy per "element"
(usually a word) as follows:
log2(count_of_elements)
If we choose, say, 4 elements, the total entropy is:
4 * log2(count_of_elements)
If we choose 2 elements and one separator element:
2 * log2(count_of_elements)
+ log2(count_of_separators)
By default, GenPhrase will randomly (50:50 change) modify the first character of a word to either lower or upper case ("Apple" becomes "apple", "orange" becomes "Orange" etc.
In terms of entropy, this means we are actually doubling the "unique element count"
(our wordlist has, say, a word "apple", so we could come up with a word "apple" or
"Apple"):
log2(2 * count_of_elements)
Issues or questions?
Mail me at [email protected] or use GitHub.