PHPackages gabrielfrdev/secure-passhash - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. gabrielfrdev/secure-passhash ActiveLibrary[Security](/categories/security) gabrielfrdev/secure-passhash ============================ Secure CLI password hashing with Argon2id - Production-ready tool with strict security validation v1.0.1(4mo ago)13MITPHPPHP >=8.1CI failing Since Dec 23Pushed 4mo agoCompare [ Source](https://github.com/gabrielfrdev/secure-passhash)[ Packagist](https://packagist.org/packages/gabrielfrdev/secure-passhash)[ RSS](/packages/gabrielfrdev-secure-passhash/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (1)Versions (3)Used By (0) PassHash ======== [](#passhash) **PassHash** is a secure, developer-focused CLI tool and library for generating and verifying password hashes. It enforces modern security standards (Argon2id) with strict validation. 🔒 Security Features ------------------- [](#-security-features) - **Argon2id Standard**: Enforces **Argon2id** with a minimum of **64 MiB** memory cost. - **Secure Input**: Prevents password leakage in shell history by refusing CLI arguments. - **DoS Protection**: Validates input length (Max 4 KiB) and computational costs (Max Threads/Memory). - **Zero Dependencies**: Lightweight, PHP >= 8.1 only. 🚀 Installation -------------- [](#-installation) ### Global (Quick Use) [](#global-quick-use) ``` composer global require gabrielfrdev/secure-passhash ``` ### Local (Development) [](#local-development) ``` git clone https://github.com/gabrielfrdev/secure-passhash.git cd secure-passhash composer install ``` 🚀 Executable Location --------------------- [](#-executable-location) Dependendo de como você instalou, o executável estará em um lugar diferente: - **Instalação Global**: `passhash` - **Instalação Local (Composer)**: `vendor/bin/passhash` - **Pelo Código Fonte**: `./bin/passhash` *Nos exemplos abaixo, usaremos `./bin/passhash`, substitua pelo comando correspondente ao seu modo de instalação.* 🛠 Usage ------- [](#-usage) ### 1. Generating a Hash [](#1-generating-a-hash) PassHash uses secure prompts or pipes. **Passwords are never accepted as arguments.** **Interactive Mode (Recommended):** ``` ./bin/passhash hash # You will be prompted securely to enter the password. ``` **Automation (Pipe):** ``` echo "my_super_secret_password" | ./bin/passhash hash ``` **Output:** ``` ✔ Hash generated securely. Algorithm: Argon2id Hash: $argon2id$v=19$m=65536,t=4,p=1$XyZ... ``` ### 2. Verifying a Hash [](#2-verifying-a-hash) To verify, provide the hash. You will be prompted for the password. ``` ./bin/passhash verify '$argon2id$v=19$m=65536,t=4,p=1$...' # Prompt: Enter password to verify: ``` ### 3. Inspect Configuration [](#3-inspect-configuration) Check the current security parameters used by the machine. ``` ./bin/passhash config ``` 🛡 Security considerations ------------------------- [](#-security-considerations) 1. **Shell History**: We explicitly block `passhash hash ` to prevent your password from being saved in `.bash_history` or system logs (`ps aux`). 2. **Memory Defaults**: We default to **64 MiB** memory cost. OWASP recommends ~19 MiB, but 64 MiB is chosen for higher resistance against GPU cracking on modern servers. 3. **Windows Users**: On Windows CMD/PowerShell, secure input masking might not work (input visible). Use with caution or in a private environment. 🧪 Development & Testing --------------------------- [](#-development--testing) Run the security test suite: ``` composer test # or vendor/bin/phpunit ``` License ------- [](#license) MIT ### Health Score 34 — LowBetter than 77% of packages Maintenance74 Regular maintenance activity Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 146d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/c87272dd766e054cab59d3149ac3e9cbfe931ebc7d8feb28f1223a0b7c837176?d=identicon)[gabrielfrdev](/maintainers/gabrielfrdev) --- Top Contributors [![gabrielfrdev](https://avatars.githubusercontent.com/u/153218445?v=4)](https://github.com/gabrielfrdev "gabrielfrdev (5 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/gabrielfrdev-secure-passhash/health.svg) ``` [![Health](https://phpackages.com/badges/gabrielfrdev-secure-passhash/health.svg)](https://phpackages.com/packages/gabrielfrdev-secure-passhash) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)