Generate Secure, Memorable Passphrases in PHP with PHP Passphrase

Passphrases string together multiple random words like sphere-quartz-bright-flame to create credentials that are both secure and easy for humans to read and remember. PHP Passphrase, created by Nico Bleiler, generates these passphrases following the EFF's suggested method for passphrase generation by combining random words from the EFF long word list. The package mirrors Bitwarden's Rust implementation and includes built-in Laravel support, as well as standalone PHP usage.

The package is useful for applications that need to generate temporary passwords or recovery codes, or for any scenario where a human-readable, secure string is preferable to a random character sequence.

#Main Features

PHP Passphrase includes several features for generating passphrases:

• Bitwarden-compatible options for word count, separators, capitalization, and number inclusion
• Uses EFF long word list (7,776 words) bundled and cached for fast generation
• Custom word lists from files or arrays
• Laravel integration with a service provider, facade, dependency injection, and publishable config
• Standalone usage without Laravel or any framework

#Getting Started

Install the package via Composer:

composer require nicobleiler/php-passphrase

Laravel will auto-discover the service provider. No additional setup is needed to start generating passphrases.

#Generating Passphrases

Use the Passphrase facade to generate passphrases in Laravel:

use NicoBleiler\Passphrase\Facades\Passphrase;
 
// Default: 3 words, hyphen separator, no capitalize, no number
Passphrase::generate();
// "unadvised-stubble-squid"
 
// Customize the output
Passphrase::generate(
    numWords: 5,
    wordSeparator: '~',
    capitalize: true,
    includeNumber: true,
);
// "Reggae~Blip~Prayer~Tabasco~Football5"

#Dependency Injection

The package registers PassphraseGenerator as a singleton in the Laravel container, so you can inject it into your classes:

use NicoBleiler\Passphrase\PassphraseGenerator;
 
class AuthController
{
    public function __construct(
        private PassphraseGenerator $passphrase,
    ) {}
 
    public function temporaryPassword(): string
    {
        return $this->passphrase->generate(
            numWords: 4,
            capitalize: true,
            includeNumber: true,
        );
    }
}

#Standalone Usage

The package also works without Laravel. Create a PassphraseGenerator instance directly:

use NicoBleiler\Passphrase\PassphraseGenerator;
 
$generator = new PassphraseGenerator();
echo $generator->generate(); // "zone-statue-corporal"

#Custom Word Lists

The WordList class supports loading words from files or arrays:

use NicoBleiler\Passphrase\WordList;
use NicoBleiler\Passphrase\PassphraseGenerator;
 
// From a file (plain text or EFF diceware format)
$wordList = WordList::fromFile('/path/to/wordlist.txt');
 
// From an array
$wordList = WordList::fromArray([
    'pizza',
    'whisk',
    'juice',
    'beyond',
    'quartz',
    'flame',
    'vortex',
    'bright',
    'sphere',
]);
 
$generator = new PassphraseGenerator($wordList);
echo $generator->generate(numWords: 4);

In Laravel, you can point to a custom word list file through the published config:

php artisan vendor:publish --tag=passphrase-config

Then set the path in config/passphrase.php:

'word_list_path' => resource_path('wordlists/my-custom-list.txt'),

#Configuration

The published config file lets you set default values for all generation options:

return [
    'num_words' => 3,
    'word_separator' => '-',
    'capitalize' => false,
    'include_number' => false,
 
    // null = bundled EFF long word list
    // Or set an absolute path to a custom word list file
    'word_list_path' => null,
];

To learn more about PHP Passphrase and view the source code, visit the GitHub repository.