App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers
## From Perl: use App::bmkpasswd 'mkpasswd', 'passwdcmp'; my $bcrypted = mkpasswd($passwd); say 'matched' if passwdcmp($passwd, $bcrypted); ## From a shell: bmkpasswd --help # Generate bcrypted passwords # Defaults to work cost factor '08': bmkpasswd bmkpasswd --workcost='06' # SHA requires Crypt::Passwd::XS or glibc2.7+ bmkpasswd --method='sha512' # Compare a hash: bmkpasswd --check=HASH # Check hash generation times: bmkpasswd --benchmark
App::bmkpasswd is a simple bcrypt-enabled mkpasswd. (Helper functions are also exported for use in other applications; see "EXPORTED".)
See bmkpasswd --help for usage information.
bmkpasswd --help
Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. Bcrypt hashes come with a configurable work-cost factor; that allows hash generation to become configurably slower as computers get faster, thereby impeding brute-force hash generation attempts.
See http://codahale.com/how-to-safely-store-a-password/ for more on why you ought to be using bcrypt or similar "adaptive" techniques.
SHA-256 and SHA-512 are supported if available. You'll need either Crypt::Passwd::XS or a system crypt() that can handle SHA, such as glibc-2.7+ or newer FreeBSD builds.
Uses Bytes::Random::Secure to generate random salts.
You can use the exported mkpasswd and passwdcmp functions in other Perl modules/applications:
use App::bmkpasswd qw/mkpasswd passwdcmp/;
## Generate a bcrypted passwd with work-cost 08: $bcrypted = mkpasswd($passwd); ## Generate a bcrypted passwd with other work-cost: $bcrypted = mkpasswd($passwd, 'bcrypt', '06'); ## SHA: $crypted = mkpasswd($passwd, 'sha256'); $crypted = mkpasswd($passwd, 'sha512'); ## Use a strongly-random salt (requires spare entropy): $crypted = mkpasswd($passwd, 'bcrypt', '08', 'strong'); $crypted = mkpasswd($passwd, 'sha512', 0, 'strong');
## Compare a password against a hash ## passwdcmp() will return the hash if it is a match if ( passwdcmp($passwd, $hash) ) { ## Successful match } else { ## Failed match }
There is currently no easy way to pass your own salt; frankly, this thing is aimed at some projects of mine where that issue is unlikely to come up and randomized is appropriate. If that's a problem, patches welcome? ;-)
Jon Portnoy <avenj@cobaltirc.org>
To install App::bmkpasswd, copy and paste the appropriate command in to your terminal.
cpanm
cpanm App::bmkpasswd
CPAN shell
perl -MCPAN -e shell install App::bmkpasswd
For more information on module installation, please visit the detailed CPAN module installation guide.