PHPackages jeslxdev/password-scrambler - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. jeslxdev/password-scrambler ActiveLibrary[Security](/categories/security) jeslxdev/password-scrambler =========================== Password scrambler: reversible time-bound Base64 shuffle + AEAD (XChaCha20-Poly1305) and Argon2id hasher. 10PHPCI passing Since Sep 4Pushed 8mo agoCompare [ Source](https://github.com/jeslxdev/password-scrambler)[ Packagist](https://packagist.org/packages/jeslxdev/password-scrambler)[ RSS](/packages/jeslxdev-password-scrambler/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) jeslxdev/password-scrambler =========================== [](#jeslxdevpassword-scrambler) Concise, production-focused PHP library for reversible, time-boxed password tokenization and secure password storage. What this library provides - Deterministic reversible "scrambling" of password strings: Base64 encode -> deterministic shuffle -> AEAD (XChaCha20-Poly1305). - Time-boxed keys with TTL and grace window for key rotation. - Compact, versioned token format (base64url JSON payload). - Argon2id password hashing for long-term storage (recommended). - A small PDO-backed repository to persist scrambled tokens without requiring callers to write SQL. Requirements - PHP >= 8.4 - ext-sodium - ext-json - PDO + appropriate driver for your DB (SQLite or MySQL supported by repository code) Quick usage 1. Create key descriptor and key store ``` use JeslxDev\PasswordScrambler\KeyStore\KeyDescriptor; use JeslxDev\PasswordScrambler\KeyStore\InMemoryKeyStore; $master = random_bytes(32); $kid = substr(bin2hex(sodium_crypto_generichash($master, '', 16)), 0, 8); $desc = new KeyDescriptor($kid, base64_encode($master), time(), 86400); $store = new InMemoryKeyStore([$desc]); ``` 2. Encrypt / decrypt ``` use JeslxDev\PasswordScrambler\Cipher\PasswordCipher; use JeslxDev\PasswordScrambler\Cipher\CipherConfig; $cipher = new PasswordCipher($store, new CipherConfig()); $token = $cipher->encrypt('my-plain-password'); $plain = $cipher->decrypt($token); ``` 3. Store tokens with PasswordManager (optional) ``` use JeslxDev\PasswordScrambler\Storage\DBConfig; use JeslxDev\PasswordScrambler\Storage\Database; use JeslxDev\PasswordScrambler\Service\PasswordManagerFactory; $db = new Database(new DBConfig('sqlite:/path/to/file.db')); $manager = PasswordManagerFactory::createFromDbAndKeyStore($db, $store); $manager->store('user-id', 'my-plain-password'); ``` Migration - A minimal migration helper is available at `bin/migrate.php`. It creates a `user_passwords` table for SQLite or MySQL. - For production use, prefer a dedicated migration tool (Phinx, Doctrine Migrations, Flyway, etc.). Security notes - Never commit master key material. Keep keys in an HSM or a secrets manager when possible. - The reversible token is intended for workflows that need restoration for a limited time; prefer one-way hashing (Argon2id) when possible. Testing - Unit tests: PHPUnit. An integration test uses SQLite in-memory and will be skipped if the PDO sqlite driver is not present. License - MIT ### Health Score 17 — LowBetter than 6% of packages Maintenance45 Moderate activity, may be stable Popularity2 Limited adoption so far Community6 Small or concentrated contributor base Maturity13 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/82eef1395d9c11f8c6964b20e27b479e2baa8e0fd15c713b2096ed12221a08b6?d=identicon)[jeslxdev](/maintainers/jeslxdev) --- Top Contributors [![jeslxdev](https://avatars.githubusercontent.com/u/40040384?v=4)](https://github.com/jeslxdev "jeslxdev (2 commits)") ### Embed Badge ![Health badge](/badges/jeslxdev-password-scrambler/health.svg) ``` [![Health](https://phpackages.com/badges/jeslxdev-password-scrambler/health.svg)](https://phpackages.com/packages/jeslxdev-password-scrambler) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M212](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M112](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)