bmkpasswd - bcrypt-enabled mkpasswd
bmkpasswd [OPTIONS]... [PASSWD]
-m, --method=TYPE [default: bcrypt] Types: bcrypt (recommended; guaranteed available) sha512 (requires recent libc or Crypt::Passwd::XS) sha256 (requires recent libc or Crypt::Passwd::XS) -w, --workcost=NUM Bcrypt work-cost factor; default 08. Higher is slower. Should be a two-digit power of 2. -c, --check=HASH Compare password against given HASH -s, --strong Use strongly-random salt generation -b, --benchmark Show timers; useful for comparing hash generation --available List available methods (one per line) --version Display version information and available methods
If PASSWD is missing, it is prompted for interactively.
Simple bcrypt-enabled mkpasswd.
While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.
A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
Salts are randomly generated using Bytes::Random::Secure::Tiny. Using the
--strong option requires a reliable source of entropy; if you are entropy-starved, try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.
See App::bmkpasswd for more details on bcrypt and the inner workings of this software.
See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.
5.8.x perls or
MSWin32 platforms will need Term::ReadKey to turn off terminal echo for password prompts.
Jon Portnoy <email@example.com>