NAME

bmkpasswd - bcrypt-enabled mkpasswd

SYNOPSIS

bmkpasswd [OPTIONS]... [PASSWD]

OPTIONS

-h, --help

-b, --benchmark
    Show timers; useful for comparing hash generation times.

-m, --method <TYPE>
    crypt method.
    Types:
      bcrypt (default; requires Crypt::Eksblowfish)
      sha512 (requires recent libc or Crypt::Passwd::XS)
      sha256 (requires recent libc or Crypt::Passwd::XS)
      md5 (fast, portable, weak)

-c, --check <HASH>
    Check password against <HASH>.
    Method will be auto-detected.

-s, --strong
    Use a blocking random source like /dev/random
    to generate salts.

-w, --workcost <COST>
    bcrypt-only.
    Specify a work cost factor. Higher is slower.
    Must be a two-digit power of 2.
    Pad with zeros as necessary.

DESCRIPTION

Simple bcrypt-enabled mkpasswd.

While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.

A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.

Salts are randomly generated using Bytes::Random::Secure. Using the --strong option requires a reliable source of entropy; try haveged (http://www.issihosts.com/haveged/downloads.html).

See App::bmkpasswd for more details.

AUTHOR

Jon Portnoy <avenj@cobaltirc.org>