Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.2.1

Request #377 Possible alternative mechanism in _createPronounceable function
Submitted: 2003-12-08 14:07 UTC
From: jackh at iol dot ie Assigned: mj
Status: Assigned Package: Text_Password
PHP Version: Irrelevant OS: Red Hat / Irrelevant
Roadmaps: (Not assigned)    

 [2003-12-08 14:07 UTC] jackh at iol dot ie
Description: ------------ I didn't think it was appropriate to raise this through a bug report, but the feedback I got from the pear dev mailing list, suggested I did. Put simply, I have made minor mods to the _createPronounceable function in my local copy of Password.php. I think that the modifed function produces more pronounceable strings. The original mechanism looped through pairs of (Consonant Sound, Vowel Sound) to build up the string. I use an Initial Consonant Sound, followed by pairs of (Vowel Sound, Consonant Sound). The Initial Consonant Sound is selected from a different array of sounds to that used for the other Consonant Sounds. "rt" is not pronounceable at the start of a word, but is when it is preceded by a vowel sound. I have pasted the diff into the Reproduce Code field below. Reproduce code: --------------- ? Text_Password.diff Index: Password.php =================================================================== RCS file: /repository/pear/Text_Password/Password.php,v retrieving revision 1.7 diff -u -r1.7 Password.php --- Password.php 3 Apr 2003 11:37:19 -0000 1.7 +++ Password.php 8 Dec 2003 11:10:04 -0000 @@ -415,26 +415,45 @@ /** * List of vowels and vowel sounds */ - $v = array('a', 'e', 'i', 'o', 'u', 'ae', 'ou', 'io', - 'ea', 'ou', 'ia', 'ai' + $v = array('a', 'e', 'i', 'o', 'u', 'oo', 'ou', 'io', + 'ia', 'ai', 'ee', 'yo' ); /** - * List of consonants and consonant sounds + * List of beginner consonants and consonant sounds */ - $c = array('b', 'c', 'd', 'g', 'h', 'j', 'k', 'l', 'm', - 'n', 'p', 'r', 's', 't', 'u', 'v', 'w', - 'tr', 'cr', 'fr', 'dr', 'wr', 'pr', 'th', - 'ch', 'ph', 'st', 'sl', 'cl' + $c1 = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', + 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'z', + 'bl', 'br', 'ch', 'cl', 'cr', 'dr', 'dw', 'gh', + 'gl', 'gr', 'kl', 'kn', 'kr', 'kw', 'mr', 'nr', + 'ph', 'pl', 'pr', 'pw', 'sc', 'sh', 'sm', 'sn', + 'sp', 'sr', 'st', 'sw', 'th', 'tl', 'tr', 'tw', + 'wh', 'wr', 'qu' ); + /** + * List of subsequent consonants and consonant sounds + */ + $cn = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', + 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'z', + 'bb', 'bs', 'ch', 'ck', 'cs', 'ct', 'ds', 'ff', + 'fs', 'ft', 'gg', 'gs', 'ht', 'ks', 'ld', 'lf', + 'lg', 'lm', 'ln', 'lp', 'ls', 'lt', 'lv', + 'ms', 'nd', 'ng', 'nk', 'nn', 'ns', 'nt', 'ps', + 'pt', 'qs', 'rb', 'rc', 'rd', 'rf', 'rg', 'rk', + 'rm', 'rn', 'rp', 'rr', 'rs', 'rt', 'rv', 'rz', + 'sh', 'sk', 'sp', 'ss', 'st', 'th', 'ts', 'tt', + 'vs', 'wk', 'wn', 'wp', 'ws', 'wt' + + ); $v_count = 12; - $c_count = 29; - - $_Text_Password_NumberOfPossibleCharacters = $v_count + $c_count; + $c1_count = 54; + $cn_count = 80; - for ($i = 0; $i < $length; $i++) { - $retVal .= $c[mt_rand(0, $c_count-1)] . $v[mt_rand(0, $v_count-1)]; + $_Text_Password_NumberOfPossibleCharacters = $v_count + $cn_count; + $retVal = $c1[mt_rand(0, $c1_count-1)]; + for ($i = strlen($retVal); $i < $length; $i++) { + $retVal .= $v[mt_rand(0, $v_count-1)] . $cn[mt_rand(0, $cn_count-1)]; } return substr($retVal, 0, $length);


 [2004-01-09 16:44 UTC] xnoguer at php dot net
Some of the new vowels (ee, oo) and some of the consonants (wh, pw, tw, etc..) don't seem very easy to pronounce and therefore to remember unless you are an english speaker, which kind of defeats the purpose of the package. It's difficult to come up with a set of vowels and consonants that will be pronounceable for any possible language, but I think the smaller the sets the better the chance. My opinion may be conditioned by the fact that I am a spanish speaker though...
 [2004-01-09 21:27 UTC] mj
I share Xavier's concerns. jackh: What do you think of just adding new consonants for the beginning of a password ($c1) and leaving the subsequent vowels and consonants as they are? This shouldn't make it much harder to pronounce the passwords.
 [2004-07-11 22:50 UTC] gurugeek
Dear Maintainer, Your package text_password has currently 1 open bug. We urge you to take the necessary steps to solve the reported issues at your soonest convenience. If the bug issue hasn’t been addressed yet you are kindly asked to take the necessary steps to ensure a prompt resolution of the problem. If you already addressed the reported problem feel free to change the bug status as soon as possible. Regards David Costa PEAR Quality Assurance
 [2004-07-12 06:29 UTC] jackh at iol dot ie
Xavier and mj, Thanks for your comments. I didn't see them until now, when I got the reminder. Apologies for that. I must not have been using this system properly. I was working on a particular application when I modified Tex_password for my own needs. The reason for changing it was that I needed to call this function many times without generating repeat passwords. I didn't think that the original algorithm provided enough combinations. I completely your point that the combinations which I have put in are anglo-centric. The function could be modified to add another dimension could be added to the vowel and consonant sound arrays. This dimension would select a language. Fluent speakers of different languages could maintain the arrays for those languages. The language could be passed in as an optional parameter to _createPronounceable. If no language is passed in, the function could default to english or neutral arrays. Or maybe this is overkill for a fairly small function, and maybe mj's suggestion is a decent compromise? I am happy to be guided by the advice of more experienced contributors. This is my first attempt to contribute to the open-source community. Thanks, Jack
 [2008-11-30 13:58 UTC] mj (Martin Jansen)
FWIW, Text_Password will be folded into a new package called Text_Random at some point. Most likely this feature request won't be fixed in Text_Password anymore. Instead you'll have to wait for Text_Random then. See for details.