http://www.bytemycode.com Revisions for this snippet. Wed, 09 Jul 2008 02:38:05 +0000 1998-2008 en-us http://www.bytemycode.com http://www.bytemycode.com/img/rss_title.gif http://www.bytemycode.com/snippets/snippet/578/1/ http://www.bytemycode.com/snippets/snippet/578/comments/ Fri, 19 Jan 2007 14:37:55 +0000 inxilpro "word list", Generator, Password, PHP, Random http://www.bytemycode.com/snippets/snippet/578/ This is a random password generator that produces understandable passwords based on word lists. I've only included a 3 entry world list because you should chose a list based on your password requirements and your users. If you need to generate passwords that are 14 characters in length, you will want a different list than if you're generating 8 character passwords. And depending on your users, you may want to use certain lists. The list I use is about 4000 words that are 5-7 characters long, all well-known words that have had potentially objectionable content removed. For security reasons I don't want to include this list.

A note on security: though this generates relatively strong passwords for the average user, they are particularly susceptible to brute-force attacks. This is even more an issue if somehow your word list gets compromised. I would not recommend using this function for anything where a highly secure password is needed.

A note on choosing your list: You'll also see that I've built the system to avoid generating passwords with zeros and ones in them. This is because zero and upper-case "o" can be confused as can one, lower-case "L" and upper-case "i." When choosing my word list I was also sure to strip out all words that start with the letter "o" or "i" (to prevent the optional ucfirst() from creating 0/O and I/1 confusion) and words that contain the letter "L" (to prevent l/1 confusion). I find that this greatly helps with preventing confusion, but again weakens the security of the passwords some. It's your choice.

]]>