NAME
bmkpasswd - bcrypt-enabled mkpasswd
SYNOPSIS
bmkpasswd [OPTIONS]... [PASSWD]
OPTIONS
-h, --help
-m, --method <TYPE>
    crypt method.
    Types:
      bcrypt  (default; requires Crypt::Eksblowfish)
      sha512  (requires recent libc or Crypt::Passwd::XS)
      sha256  (requires recent libc or Crypt::Passwd::XS)
      md5     (if system crypt() supports it -- weak)
-c, --check <HASH>
    Check password against <HASH>.
    Method will be auto-detected.
-s, --strong
    Use a blocking random source like /dev/random
    to generate salts.
-w, --workcost <COST>
    bcrypt-only.
    Specify a work cost factor. Higher is slower.
    Must be a two-digit power of 2.
    Pad with zeros as necessary.
-b, --benchmark
    Show timers; useful for comparing hash generation times.
DESCRIPTION
Simple bcrypt-enabled mkpasswd.
While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.
A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
Salts are randomly generated using Bytes::Random::Secure. Using the --strong option requires a reliable source of entropy; try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.
See App::bmkpasswd for more details (or if you'd like to use bcrypted passwords from your own modules).
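The hash methods and the two-digit work cost described above, as an added Python example (not part of bmkpasswd or App::bmkpasswd): it identifies the method from the standard crypt(3) prefix and reads the bcrypt cost in order to audit stored hashes. The prefix table, the min_cost threshold and the sample entries are assumptions constructed for illustration.

```python
import re

# Modular crypt format identifiers for the methods this page lists.
# Assumption: standard crypt(3) prefixes; bmkpasswd's own detection code
# is not shown on the page.
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
PREFIXES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}

def classify(crypted):
    """Return (method, cost); cost is None unless the hash is bcrypt."""
    m = BCRYPT_RE.match(crypted)
    if m:
        return "bcrypt", int(m.group(1))
    for prefix, method in PREFIXES.items():
        if crypted.startswith(prefix):
            return method, None
    return "unknown", None

def relative_work(cost, baseline):
    """bcrypt runs 2**cost key-setup rounds, so each +1 doubles the work."""
    return 2 ** (cost - baseline)

def audit(entries, min_cost=10):
    """Flag "user:hash" entries below policy (min_cost is hypothetical)."""
    findings = []
    for line in entries:
        user, _, crypted = line.partition(":")
        method, cost = classify(crypted)
        if method == "md5":
            findings.append((user, "md5 is weak; rehash with bcrypt"))
        elif method == "unknown":
            findings.append((user, "unrecognized hash format"))
        elif method == "bcrypt" and cost < min_cost:
            factor = relative_work(min_cost, cost)
            findings.append((user, f"bcrypt cost {cost:02d}: {factor}x less work than {min_cost:02d}"))
    return findings

# Constructed sample entries (placeholder salts and digests, not real hashes).
SAMPLE = [
    "alice:$2a$12$" + "a" * 22 + "b" * 31,
    "bob:$2a$08$" + "a" * 22 + "b" * 31,
    "carol:$6$saltsalt$" + "c" * 86,
    "dave:$1$saltsalt$" + "d" * 22,
    "erin:$2a$8$" + "a" * 22 + "b" * 31,  # cost not zero-padded
]

if __name__ == "__main__":
    for user, msg in audit(SAMPLE):
        print(f"{user}: {msg}")
```

The erin entry is rejected because its cost field is a single digit, which is why the --workcost value has to be zero-padded.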
AUTHOR
Jon Portnoy <avenj@cobaltirc.org>