NAME
App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers
SYNOPSIS
## From Perl:
use App::bmkpasswd 'mkpasswd', 'passwdcmp';
my $bcrypted = mkpasswd($passwd);
say 'matched' if passwdcmp($passwd, $bcrypted);
## From a shell:
bmkpasswd --help
# Generate bcrypted passwords
# Defaults to work cost factor '08':
bmkpasswd
bmkpasswd --workcost='06'
# SHA requires Crypt::Passwd::XS or glibc2.7+
bmkpasswd --method='sha512'
# Compare a hash:
bmkpasswd --check=HASH
# Check hash generation times:
bmkpasswd --benchmark
DESCRIPTION
App::bmkpasswd is a simple bcrypt-enabled mkpasswd.
Helper functions are also exported for use in other applications; see
"EXPORTED". Crypt::Bcrypt::Easy provides an easier programmatic
interface.
See "bmkpasswd --help" for usage information.
Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. Bcrypt hashes
come with a configurable work-cost factor; that allows hash generation
to become configurably slower as computers get faster, thereby impeding
brute-force hash generation attempts.
See for more on
why you ought to be using bcrypt or similar "adaptive" techniques.
SHA-256 and SHA-512 are supported if available. You'll need either
Crypt::Passwd::XS or a system crypt() that can handle SHA, such as
glibc-2.7+ or newer FreeBSD builds.
Uses Bytes::Random::Secure to generate random salts.
EXPORTED
Crypt::Bcrypt::Easy provides an easier programmatic interface, if you're
only interested in generating bcrypt passwords. If you'd like to make
use of other password types, ou can use the exported mkpasswd and
passwdcmp functions:
use App::bmkpasswd qw/mkpasswd passwdcmp/;
mkpasswd
## Generate a bcrypted passwd with work-cost 08:
$bcrypted = mkpasswd($passwd);
## Generate a bcrypted passwd with other work-cost:
$bcrypted = mkpasswd($passwd, 'bcrypt', '06');
## SHA:
$crypted = mkpasswd($passwd, 'sha256');
$crypted = mkpasswd($passwd, 'sha512');
## Use a strongly-random salt (requires spare entropy):
$crypted = mkpasswd($passwd, 'bcrypt', '08', 'strong');
$crypted = mkpasswd($passwd, 'sha512', 0, 'strong');
passwdcmp
## Compare a password against a hash
## passwdcmp() will return the hash if it is a match
if ( passwdcmp($plaintext, $crypted) ) {
## Successful match
} else {
## Failed match
}
BUGS
There is currently no easy way to pass your own salt; frankly, this
thing is aimed at some projects of mine where that issue is unlikely to
come up and randomized is appropriate. If that's a problem, patches
welcome? ;-)
AUTHOR
Jon Portnoy