Generate Secure, Memorable Passphrases in PHP with PHP Passphrase

umershahzad4466@gmail.com

Introduction

Passphrases string together multiple random words like sphere-quartz-bright-flame to create credentials that are both secure and easy for humans to read and remember. PHP Passphrase, created by Nico Bleiler, generates these passphrases following the EFF’s suggested method for passphrase generation by combining random words from the EFF long word list. The package mirrors Bitwarden’s Rust implementation and includes built-in Laravel support, as well as standalone PHP usage. PHP Passphrase is useful for applications that need to generate temporary passwords or recovery codes, or any scenario where a human-readable, secure string is preferable to a random character sequence.

Main Features

Everything you need for secure, memorable passphrase generation

PHP Passphrase includes several features for generating passphrases:

  • Bitwarden-compatible options for word count, separators, capitalization, and number inclusion
  • Uses EFF long word list (7,776 words) bundled and cached for fast generation
  • Custom word lists from files or arrays
  • Laravel integration with service provider, facade, dependency injection, and publishable config
  • Standalone usage without Laravel or any framework

Getting Started

Install the package via Composer

Installation

Copy Code
composer require nicobleiler/php-passphrase

Laravel will auto-discover the service provider. No additional setup is needed to start generating passphrases.

Generating Passphrases

Use the Passphrase facade in Laravel

Laravel Usage

Copy Code
use NicoBleiler\Passphrase\Facades\Passphrase;

// Default: 3 words, hyphen separator, no capitalize, no number
Passphrase::generate();
// "unadvised-stubble-squid"

// Customize the output
Passphrase::generate(
    numWords: 5,
    wordSeparator: '~',
    capitalize: true,
    includeNumber: true,
);
// "Reggae~Blip~Prayer~Tabasco~Football5"

Dependency Injection

The package registers PassphraseGenerator as a singleton in the Laravel container, so you can inject it into your classes.

AuthController.php

Copy Code
use NicoBleiler\Passphrase\PassphraseGenerator;

class AuthController
{
    public function __construct(
        private PassphraseGenerator $passphrase,
    ) {}

    public function temporaryPassword(): string
    {
        return $this->passphrase->generate(
            numWords: 4,
            capitalize: true,
            includeNumber: true,
        );
    }
}

Standalone Usage

The package works without Laravel. Create a PassphraseGenerator instance directly.

Standalone PHP

Copy Code
use NicoBleiler\Passphrase\PassphraseGenerator;

$generator = new PassphraseGenerator();
echo $generator->generate(); // "zone-statue-corporal"

Custom Word Lists

The WordList class supports loading words from files or arrays.

Custom Word List

Copy Code
use NicoBleiler\Passphrase\WordList;
use NicoBleiler\Passphrase\PassphraseGenerator;

// From a file (plain text or EFF diceware format)
$wordList = WordList::fromFile('/path/to/wordlist.txt');

// From an array
$wordList = WordList::fromArray([
    'pizza', 'whisk', 'juice', 'beyond',
    'quartz', 'flame', 'vortex', 'bright', 'sphere',
]);

$generator = new PassphraseGenerator($wordList);
echo $generator->generate(numWords: 4);

Configuration

Publish the config and set default values for generation options.

config/passphrase.php

Copy Code
return [
    'num_words' => 3,
    'word_separator' => '-',
    'capitalize' => false,
    'include_number' => false,
    'word_list_path' => null, // null = EFF list, or path to custom file
];

Run php artisan vendor:publish --tag=passphrase-config to publish the config. Set a custom word list path in config/passphrase.php if needed, for example: 'word_list_path' => resource_path('wordlists/my-custom-list.txt')

Conclusion

Add secure, memorable passphrases to your PHP and Laravel apps

PHP Passphrase is a powerful package for generating secure, human-readable passphrases in PHP and Laravel. Following the EFF’s recommended approach and mirroring Bitwarden’s implementation, it offers Bitwarden-compatible options, Laravel integration, custom word lists, and standalone usage. Ideal for temporary passwords, recovery codes, and any scenario where memorable yet secure credentials are needed.

Key Takeaways:

  • Generates secure passphrases using EFF word list (7,776 words)
  • Bitwarden-compatible options for word count, separators, and formatting
  • First-class Laravel integration with facade and dependency injection
  • Custom word lists from files or arrays
  • Works standalone without any framework
  • Visit the GitHub repository for documentation and source code

For more information, check the Laravel News article or the PHP Passphrase GitHub repository.

Home » generate-secure-memorable-passphrases-in-php-with-php-passphrase
What is PHP Passphrase?

PHP Passphrase is a PHP package that generates secure, memorable passphrases by combining random words from the EFF long word list, following Bitwarden’s approach.

When should I use passphrases instead of passwords?

Passphrases are ideal for temporary passwords, recovery codes, or any scenario where you need human-readable, memorable yet secure credentials.

Does PHP Passphrase require Laravel?

No. PHP Passphrase works standalone without Laravel. It also offers first-class Laravel integration with a facade, service provider, and publishable config.

Can I use a custom word list?

Yes. The WordList class supports loading words from files or arrays. In Laravel, set the path in config/passphrase.php after publishing the config.

Leave a Reply

Your email address will not be published. Required fields are marked *