Crypt::Password::Util - Crypt password utilities


This document describes version 0.17 of Crypt::Password::Util (from Perl distribution Crypt-Password-Util), released on 2016-01-21.


 use Crypt::Password::Util qw(

Generating crypted password:

 say crypt('pass'); # automatically choose the appropriate type and salt

Recognizing whether a string is a crypted password:

 # return yes/no
 say looks_like_crypt('62F4a6/89.12z');   # 1
 say looks_like_crypt('foo');             # 0

 # return the crypt type
 say crypt_type('62F4a6/89.12z');                    # CRYPT
 say crypt_type('$1$$...');                          # MD5-CRYPT
 say crypt_type('$apr1$4DdvgCFk$...');               # MD5-CRYPT
 say crypt_type('$5$4DdvgCFk$...');                  # SSHA256
 say crypt_type('$6$4DdvgCFk$...');                  # SSHA512
 say crypt_type('1a1dc91c907325c69271ddf0c944bc72'); # PLAIN-MD5
 say crypt_type('$2a$08$TTSynMjJTrXiv3qEZFyM1.H9tjv71i57p2r63QEJe/2p0p/m1GIy2'); # BCRYPT
 say crypt_type('foo');                              # undef

 # return detailed information
 my $res = crypt_type('$1$$oXYGukVGYa16SN.Pw5vNt/', 1);
 # => {type=>'MD5-CRYPT', header=>'$1$', salt=>'', hash=>'oXYGukVGYa16SN.Pw5vNt/'}
 $res = crypt_type('foo', 1);
 # => undef


Crypt::Password::Util provides routines to: 1) generate crypted password; 2) recognition of whether a string is a crypted password or not, and its crypt type.

It recognizes several types of crypt methods:


looks_like_crypt($str) => bool

Return true if $str looks like a crypted password. If you want more information instead of just a yes/no, use crypt_type().

crypt_type($str[, $detail]) => str|hash

Return crypt type, or undef if $str does not look like a crypted password. Currently known types:

If $detail is set to true, will return a hashref of information instead. This include type, as well as the parsed header, salt, etc.

crypt($str) => str

Try to create a "reasonably secure" crypt password with the support available from the system's crypt().

Will first try to create a cost-based crypt, using rounds value that will approximately take ~10ms (on my PC computer, an Intel Core i5-2400 CPU, that is) to create. This lets a server verify ~100 passwords per second, which should be enough for many cases. On OpenBSD, will try BCRYPT with cost=7. On other systems, will try SSHA512 with rounds=15000.

If the above fails (unsupported by your crypt()), will fallback to MD5-CRYPT (supported by NetBSD), then CRYPT. Will die if that also fails.


Please visit the project's homepage at


Source repository is at


Please report any bugs or feature requests on the bugtracker website

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.


Authen::Passphrase which recognizes more encodings (but currently not SSHA256 and SSHA512).

Crypt::Bcrypt::Easy to generate BCRYPT crypts on systems that do not natively support it.

Crypt::PasswdMD5 to generate MD5-CRYPT crypts on systems that do not natively support it.

Crypt::Password which also provides a routine to compare a password with a crypted password.


perlancar <>


This software is copyright (c) 2016 by

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.