[Resolved] Password Gen

proneil

Hi,

i need a password gen which uses a text file with words in, and adds 2 raddom nummbers to the end of the word. eg

sumthing like this in the text file
=-------------------------------------------

Objects:
house
cow
dog
cat
train
hand
#and so on

Descriptives:
sunny
coled
dark

#and so on

so the password gen would get a descriptive and then get a object and put it to gether then add a 2 digit nummber to it. then echo the password and the password encriped using MD5

Neil

😕 😕 😕

laserlight

Why not use 2 files?
That way you dont need to parse the file to check when does the descriptor section starts.

If each word is on a separate line, then use [man]file/man with [man]rtrim/man to get the word.
Just concatenate them together and do an mt_rand(10, 99) to get the pseudo-random number, which can be concatenated to the previous result as well.

As for the hash, I suggest that you use SHA1 with [man]sha1/man instead of MD5.
It doesnt really matter here and SHA1 isnt perfect too, but MD5 was shown to be susceptible to collisions at Crypto2004 in September last year.

proneil

thanks,

iam new to this password gen thing.

do you know what the code would look like cus i hav no clue

say i had to files like u sed

thanks
neil🙁🙁

laserlight

Here's some sample code:

//select pseudo-random element from $array
//$array obtained from file()
function randFromFileArray($array) {
	//rtrim() as file() leaves newline sequence at the end
	return rtrim($array[array_rand($array)]);
}

//generate initial password from 2 word source files
//append 2-digit pseudo-random number and return SHA1 hash
function generatePassword() {
	//get array of possible descriptive words
	$descriptives = file("descriptives.txt");
	//get array of possible object words
	$objects = file("objects.txt");
	return sha1(randFromFileArray($descriptives)
		. randFromFileArray($objects) . mt_rand(10, 99));
}

Obviously the textfiles will have to be secure from prying eyes, either with a .htaccess file or some other server configuration, or by placing these files above the web document root.

proneil

ok i put this code in a emty php page and made to files call desriptives.txt and objects.txt

and when u load the php page it dont show anything
do i need to put and echo in it?

thanks
Neil

laserlight

do i need to put and echo in it?

You would print a password as:
echo generatePassword();
though more likely you would store the value in a variable first.

It looks like your knowledge of PHP is a little shaky at this point.

I recommend that you take a structured approach to learning PHP, perhaps using Paul Hudson's online book, Practical PHP Programming.

proneil

i no iam used to using dreamwever to mak the code for me!

its saying the password in enycripted now so how would i make it show the password not enycripted so the user nows wot the new password is

Thanks Again

laserlight

its saying the password in enycripted now so how would i make it show the password not enycripted so the user nows wot the new password is

Taking a cryptographic hash of a message is not quite the same as encrypting the message.

Anyway, technicalities aside, you have to save the original message (i.e. the password before hashing) and print it for the user to see.

proneil

sorry but how would u do this?🙁

sorry for trubleing u

neil

laserlight

sorry but how would u do this?

By changing generatePassword() to generate the pre-image (i.e. before hashing) password instead.
You can then call generatePassword(), print its output, and store the hashed version of its output.

proneil

can you show me the code sorry i just dont understand with out the code

🙁 🙁

NEil

laserlight

can you show me the code sorry i just dont understand with out the code

I could show you the code very easily, but then I'd just be spoonfeeding you and you'll never learn.

Do you understand how the generatePassword() function works?

proneil

yes kind of

laserlight

yes kind of

Explain step by step what it does.

proneil

its the name of the function
function generatePassword() {

descriptive file $descriptives varible for file descriptives.txt
$descriptives = file("descriptives.txt");

object file $objects varible for the file objects.txt
$objects = file("objects.txt");

ok ?

just to let u no iam only 12! thats why iam not good at this stuff!

Neil

laserlight

ok ?

err, do you know what file() does (check the PHP Manual if you dont)?
You also missed out the crucial part of the function that you need to understand in order to tweak it.

just to let u no iam only 12! thats why iam not good at this stuff!

That's no excuse - I'm currently chatting with a 13 year old programmer (ok, 14 this year) who knows about as much C++ as I do, and I know a fair bit of C++.

proneil

Description
array file ( string filename [, int use_include_path [, resource context]] )

Identical to readfile(), except that file() returns the file in an array. Each element of the array corresponds to a line in the file, with the newline still attached. Upon failure, file() returns FALSE.

You can use the optional use_include_path parameter and set it to "1", if you want to search for the file in the include_path, too.

i can do php , flash ,asp but C++ i dont do!

own website neilnet.co.uk

TheDefender

Oh, this is excruciatingly painful... I am going to stick my glowing red hot prodder in here, to start herding you back into the corral here proneil.

This line is important too proneil. It's the crux of the function:

return sha1(randFromFileArray($descriptives) 
        . randFromFileArray($objects) . mt_rand(10, 99));

It returns one random descriptive concatenated to one random object concatenated to one random number between 10 and 99 encrypted using the sha1 encryption algorithm.

OK, so to get the PW, you need to first generate the word without the sha1 encryption and return it. Once you have returned it and defined the variable, you can then use the sha1 to encrypt it.

No code, but hopefully, I have given you enough information to figure it out.

(Sorry laserlight)

proneil

can u tell me how you set a varable

TheDefender

I don't want to confuse you because your function is returning the password already encrypted, so be sure you take the sha1 function off to return the word unencrypted.

Then:

$unencryptedpw = generatePassword();

Now your variable equals the unencrypted password your function is returning.

Then encrypt it.

$encryptedpw = sha1($unencryptedpw);

Now you have 2 variables, one that has the unencrypted one and one that has the encrypted one. From there, you need to figure out what you are going to do with them.

I am done in this thread.