NAME

App::bmkpasswd - bcrypt-enabled mkpasswd

SYNOPSIS

  bmkpasswd --help
  
  ## Generate bcrypted passwords
  ## Defaults to work cost factor '08':
  bmkpasswd
  bmkpasswd --workcost='06'

  ## Use other methods:
  bmkpasswd --method='md5'
  # SHA requires Crypt::Passwd::XS or glibc2.7+
  bmkpasswd --method='sha512'
  
  ## Compare a hash:
  bmkpasswd --check=HASH

DESCRIPTION

App::bmkpasswd is a simple bcrypt-enabled mkpasswd.

See bmkpasswd --help for usage information.

Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. See http://codahale.com/how-to-safely-store-a-password/ for why you ought to be using bcrypt or similar "adaptive" techniques.

SHA-256 and SHA-512 are supported if available. You'll need either Crypt::Passwd::XS or a system crypt() that can handle SHA, such as glibc-2.7 and newer.

MD5 uses the system's crypt() -- support for it is fairly universal.

Salts are randomly generated.

EXPORTED

You can use the exported mkpasswd and passwdcmp functions in other Perl modules/applications:

  use App::bmkpasswd qw/mkpasswd passwdcmp/;
  ## Generate a bcrypted passwd with work-cost 08:
  $bcrypted = mkpasswd($passwd);
  ## Generate a bcrypted passwd with other work-cost:
  $bcrypted = mkpasswd($passwd, 'bcrypt', '06');
  ## SHA:
  $crypted = mkpasswd($passwd, 'sha256');
  $crypted = mkpasswd($passwd, 'sha512');

  ## Compare a password against a hash:
  $pwd_matched++ if passwdcmp($passwd, $hash);
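
The following is an added example, not part of the module's own documentation: it uses the exported mkpasswd and passwdcmp to verify a login and transparently re-hash passwords stored with MD5, SHA, or a low bcrypt work cost. The helper names, the target cost of 10, and the sample password are assumptions made for illustration; the hash prefixes are the usual crypt(3)-style identifiers.

```perl
use strict;
use warnings;
use App::bmkpasswd qw/mkpasswd passwdcmp/;

# Assumed site policy for this example (the module's default cost is '08').
my $WANT_COST = 10;

# Classify a stored hash by its crypt(3)-style prefix.
# Returns (method, cost); cost is only defined for bcrypt.
sub classify_hash {
    my ($hash) = @_;
    return ('bcrypt', 0 + $1) if $hash =~ /\A\$2[abxy]?\$(\d\d)\$/;
    return ('sha512')         if $hash =~ /\A\$6\$/;
    return ('sha256')         if $hash =~ /\A\$5\$/;
    return ('md5')            if $hash =~ /\A\$1\$/;
    return ('unknown');
}

# True when the stored hash is weaker than policy and should be replaced.
sub needs_rehash {
    my ($hash) = @_;
    my ($method, $cost) = classify_hash($hash);
    return 1 if $method ne 'bcrypt';
    return $cost < $WANT_COST;
}

# Verify a login attempt. Returns nothing on a bad password; on success
# returns the hash to store, which is a fresh bcrypt hash when the old
# one was below policy. The plaintext is only available at login time,
# so this is the one point where an upgrade can happen.
sub verify_and_upgrade {
    my ($passwd, $stored) = @_;
    return unless passwdcmp($passwd, $stored);
    return $stored unless needs_rehash($stored);
    return mkpasswd($passwd, 'bcrypt', sprintf('%02d', $WANT_COST));
}

# Constructed demo: a legacy cost-06 hash is upgraded on the first good login.
my $legacy = mkpasswd('correct horse', 'bcrypt', '06');
my $stored = verify_and_upgrade('correct horse', $legacy);
my ($old_method, $old_cost) = classify_hash($legacy);
my ($new_method, $new_cost) = classify_hash($stored);
print "legacy: $old_method cost $old_cost -> stored: $new_method cost $new_cost\n";
print "wrong password rejected\n"
    unless defined verify_and_upgrade('wrong guess', $stored);
```

The caller is expected to write the returned hash back to its user store whenever it differs from the one it passed in.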

BUGS

There is currently no easy way to pass your own salt; frankly, this thing is aimed at some projects of mine where that issue is unlikely to come up and randomized is appropriate. If that's a problem, patches welcome? ;-)

AUTHOR

Jon Portnoy <avenj@cobaltirc.org>