In php how can i generate a strong password using email ,current time etc.It should be atleast 45 character length.
whether generate_password(); is a good one?
2 Answers
use php's built in password_hash(). don't roll your own password hashing unless you are an expert.
for more info see:
http://www.php.net/manual/en/function.password-hash.php
if you absolutely must roll your own(or you are on windows and need something that is compatible with windows php), use some variant of crypt like what i use for devving on windows:
function generateHash($plainText, $encdata = false) { $strength = "08"; //if encrypted data is passed, check it against input if ($encdata) { if (substr($encdata, 0, 60) == crypt($plainText, "$2a$".$strength."$".substr($encdata, 60))) { return true; } else { return false; } } else { //make a salt and hash it with input, and add salt to end $salt = ""; for ($i = 0; $i < 22; $i++) { $salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1); } //return 82 char string (60 char hash & 22 char salt) return crypt($plainText, "$2a$".$strength."$".$salt).$salt; } } using this is fairly straightforward.
to hash a password do it like so
generateHash($password);
to check a password against a hash(such as the stored hash in a database for a user)
generateHash($password,$storedhash);
edit to generate a random password try this:
function generateString() { $string = ""; for($i=0; $i < 44; $i++) { $x = mt_rand(0, 3); switch($x) { case 0: $string.= chr(mt_rand(97,102));break; case 1: $string.= chr(mt_rand(65,90));break; case 2: $string.= chr(mt_rand(48,57));break; case 3: $string.= chr(mt_rand(103,122));break; } } return $string; } 
4 Comments
Ja͢ck
I think OP wants to generate password, not password hash :)
Ja͢ck
Also,
$2a$ is deprecated in favour of $2y$ and it's recommended to use openssl_random_pseudo_bytes() or similar function to generate the salt.
r3wt
you cant use openssl on windows. it results in the script executing until maximum execution time is reached(or it did last time i checked).
Ja͢ck
Then your installation is b0rked, OpenSSL works fine on Windows.
There are many way to do this but I found a very simple method which can generate strong password of any length. This method is based on str_shuffle() function which randomly shuffles a string.
<? function generate_password( $length = 8 ) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?"; $password = substr( str_shuffle( $chars ), 0, $length ); return $password; } ?> To generate random password simply pass the desired length of password in this function. If you omit length parameter then it will generate 8 character long password by default.
$password1 = generate_password(); // default length 8 $password2 = generate_password(6); // 6 character long password generate_password() is simple but, If you want to strong password then try to Hashing algorithm for it.
You could add a key to your hash and send the timestamp with the query, e.g.:
$time = time(); $hash = md5($key . $time); you can also use hash_hmac():more detail LINK
$password = hash_hmac('sha256', $username . time(), 'secret'); 4 Comments
Ja͢ck
str_shuffle() uses rand() internally, so I wouldn't suggest using this.
i'm PosSible
ya also use this bt also
mt_rand() is good one.but is better on integer value.
Quinn Comendant
Don't use
str_shuffle() to generate passwords. If your input string contains each character only once, the resulting password will use each character only once, providing a very low entropy value. Also, note that mt_rand() is also a poor choice for cryptographic use. Use openssl_random_pseudo_bytes() instead. See note at us2.php.net/manual/en/…Your $chars contain vowels. If you do not remove the vowels, then your password will contain selatious words and phrases, and cursewords. Also, you state this is "strong". This is not a "strong" password because of what @QuinnComendant mentioned about your resulting password containing each character only once.
password_hash()function for password storage.