NAME

bmkpasswd - bcrypt-enabled mkpasswd

SYNOPSIS

bmkpasswd [OPTIONS]... [PASSWD]

OPTIONS

-h, --help

-m, --method <TYPE>
    Crypt method to use.
    Types:
      bcrypt  (default; requires Crypt::Eksblowfish)
      sha512  (requires recent libc or Crypt::Passwd::XS)
      sha256  (requires recent libc or Crypt::Passwd::XS)
      md5     (weak, not recommended)

-c, --check <HASH>
    Check password against <HASH>.
    Method will be auto-detected.

-s, --strong
    Use a blocking random source like /dev/random
    to generate salts.

-w, --workcost <COST>
    bcrypt only.
    Specify a work cost factor. Higher is slower.
    Must be two digits; the value is the exponent of a power of 2.
    Pad with zeros as necessary.

-b, --benchmark
    Show timers; useful for comparing hash generation times.

DESCRIPTION

Simple bcrypt-enabled mkpasswd.

While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.

A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
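
Added example (not part of bmkpasswd or its documentation): Python that recognises the method of a stored hash from its modular crypt prefix, as the auto-detection of --check implies, and shows how the two-digit bcrypt cost maps to 2^cost iterations. The patterns, the MIN_BCRYPT_COST policy floor and the sample hashes are assumptions constructed for illustration; bmkpasswd's own detection logic is not shown on this page.

```python
import re

B64 = r"[./A-Za-z0-9]"
# Modular crypt format layouts for the four methods bmkpasswd lists.
BCRYPT = re.compile(rf"\$2[abxy]?\$(\d{{2}})\${B64}{{53}}")
SHA = re.compile(rf"\$([56])\$(?:rounds=(\d+)\$)?{B64}{{1,16}}\$({B64}+)")
MD5 = re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")
SHA_DIGEST_LEN = {"5": 43, "6": 86}   # encoded digest length per variant
MIN_BCRYPT_COST = 10                  # assumed policy floor for this example


def classify(stored):
    """Identify the scheme of a stored hash and report its work settings."""
    m = BCRYPT.fullmatch(stored)
    if m and 4 <= int(m.group(1)) <= 31:      # bcrypt accepts costs 04..31
        cost = int(m.group(1))
        return {"method": "bcrypt", "cost": cost, "iterations": 2 ** cost,
                "weak": cost < MIN_BCRYPT_COST}
    m = SHA.fullmatch(stored)
    if m and len(m.group(3)) == SHA_DIGEST_LEN[m.group(1)]:
        rounds = int(m.group(2)) if m.group(2) else 5000   # sha-crypt default
        return {"method": "sha512" if m.group(1) == "6" else "sha256",
                "rounds": rounds, "weak": False}
    if MD5.fullmatch(stored):
        return {"method": "md5", "weak": True}   # the page calls md5 weak
    return {"method": "unknown", "weak": True}   # unparseable: treat as a finding


# Constructed sample hashes (filler characters, not real digests).
SAMPLES = {
    "alice": "$2a$08$" + "A" * 53,
    "bob": "$2y$12$" + "B" * 53,
    "carol": "$6$rounds=10000$" + "c" * 16 + "$" + "C" * 86,
    "dave": "$1$" + "d" * 8 + "$" + "D" * 22,
    "erin": "$2a$8$" + "E" * 53,   # cost not zero-padded: rejected
}


def audit(samples=SAMPLES):
    """Return {user: classification} for every stored hash."""
    return {user: classify(h) for user, h in samples.items()}


if __name__ == "__main__":
    for user, info in audit().items():
        print(user, info)
```

Raising the cost from 08 to 12 multiplies the iteration count by 16, which is the exponential growth described above.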

Salts are randomly generated using Bytes::Random::Secure. Using the --strong option requires a reliable source of entropy; try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.

See App::bmkpasswd for more details on bcrypt and the inner workings of this software.

See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.

AUTHOR

Jon Portnoy <avenj@cobaltirc.org>