PHP download

Download the PHP package northox/stupid-password without Composer

On this page you can find all versions of the php package northox/stupid-password. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download northox/stupid-password
More information about northox/stupid-password
Files in northox/stupid-password

Vendor northox
Package stupid-password
Short Description Provides a simple way of preventing user from using easy to guess/bruteforce password.
License BSD-3-Clause

Keywords security password

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of northox/stupid-password

Informations about the package stupid-password

Overview

StupidPass.class.php provides a simple way of preventing user from using easy to guess/bruteforce password. It has been develop to get rid of the crack-lib PHP extension.

Description

StupidPass.class.php is a PHP library that provides simple, yet pretty effective password validation rules.

The library implements 1337 speaking extrapolation. This converts the supplied password into an exhaustive list of possible simple alterations, such as changing the letter a to @ or 4, which is bordly used by end user to meet complexity rules. The complete list of alterations can be found below. This list is then compared against common passwords based on researcs done on the latest password database breaches (linkedin, stratfor, sony, phpbb, rockyou, myspace). Additionally, it validates the length and use of multiple charsets (uppsercase, lowercase, numeric, special) - the later drastically reducing the size of the common password list.

Here's the requirements:

ensure the length is at least 8 characters; AND
ensure is contains 4 charsets (i.e. uppercase, lowercase, numeric and special characters); AND
if environmental context is supplied, the list must not match the environmental context (regex) (e.g. the name of the company, the name of the application, the name of the site, the username, etc); AND
the list must not match with the supplied dictionary which is based on common weak passwords obtained by analysing the latest compromised password databases (stratfor, sony, phpbb, myspace, etc).

Additionally:

Online attacks should be mitigated by implementing anti-bruteforce techniques;
- e.g. nicht anti-bruteforce
Offline attacks should be mitigated by using strong hashing algorithm such as PBKDF2.
- e.g. nicht PBKDF2

Some maths

The minimum possible combination provided by stupid password is: lowercase + uppercase + numeric + special = (26 + 26 + 10 + 10)^8 = 72^8 = 7.222041363×10¹⁴

n.b. I consider only 10 possibilities for special characters as most users only use what's on top of the numbers (from a keyboard perspective).

If you consider loosing up the requirements, be advised that removing the numeric OR special charset (62^8 = 2.183401056×10¹⁴) is better than using 7 character passwords (72^7 = 1.0030613×10¹³) with all charsets.

1337 speak conversion table

@ => a, o  
4 => a
8 => b
3 => e
1 => i, l
! => i, l, 1
0 => o
$ => s, 5
5 => s
6 => b, d
7 => t

Usage

Simplest possible usage looks like this:

The most complex usage scenario could look like this:

Possible options:

'disable' (array): disable stated tests, e.g. array('special', 'lower') to disable both the test for special and lowercase characters.
'maxlen-guessable-test' (integer): disable environment and common password checks for passwords longer than given integer (due to high memory usage and cpu usage). Default: 24.

Please be advised that the minimum length requirement of 8 is hard-coded and can not be changed.

PHP Unit Tests

License

BSD license. In other words, it's free software, almost free as in free beer.

Source

https://github.com/northox/stupid-password

Authors

Danny Fullerton - Mantor Organization

Contributors

Stephan Bösch-Plepelits aka plepe
Nathan Feger aka nafeger
Mike McLin aka mikemclin
René Roth aka reneroth
John Koniges aka venar

All versions of stupid-password with dependencies

PHP Build Version

Package Version

Version v2.0 Release 24. Nov 2018
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of stupid-password from vendor northox

No informations.

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package northox/stupid-password contains the following files

Loading the files please wait ....