NAME

App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers

SYNOPSIS

  ## From Perl:

  use App::bmkpasswd 'mkpasswd', 'passwdcmp';
  my $bcrypted = mkpasswd($passwd);
  say 'matched' if passwdcmp($passwd, $bcrypted);

  ## From a shell:

  bmkpasswd --help
  
  # Generate bcrypted passwords
  # Defaults to work cost factor '08':
  bmkpasswd
  bmkpasswd --workcost='06'

  # SHA requires Crypt::Passwd::XS or glibc2.7+
  bmkpasswd --method='sha512'
  
  # Compare a hash:
  bmkpasswd --check=HASH

  # Check hash generation times:
  bmkpasswd --benchmark

DESCRIPTION

App::bmkpasswd is a simple bcrypt-enabled mkpasswd. (Helper functions are also exported for use in other applications; see "EXPORTED".)

See bmkpasswd --help for usage information.

Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. Bcrypt hashes come with a configurable work-cost factor; that allows hash generation to become configurably slower as computers get faster, thereby impeding brute-force hash generation attempts.

See http://codahale.com/how-to-safely-store-a-password/ for more on why you ought to be using bcrypt or similar "adaptive" techniques.

SHA-256 and SHA-512 are supported if available. You'll need either Crypt::Passwd::XS or a system crypt() that can handle SHA, such as glibc-2.7+ or newer FreeBSD builds.

Uses Bytes::Random::Secure to generate random salts.

EXPORTED

You can use the exported mkpasswd and passwdcmp functions in other Perl modules/applications:

  use App::bmkpasswd qw/mkpasswd passwdcmp/;

mkpasswd

  ## Generate a bcrypted passwd with work-cost 08:
  $bcrypted = mkpasswd($passwd);

  ## Generate a bcrypted passwd with other work-cost:
  $bcrypted = mkpasswd($passwd, 'bcrypt', '06');

  ## SHA:
  $crypted = mkpasswd($passwd, 'sha256');
  $crypted = mkpasswd($passwd, 'sha512');

  ## Use a strongly-random salt (requires spare entropy):
  $crypted = mkpasswd($passwd, 'bcrypt', '08', 'strong');
  $crypted = mkpasswd($passwd, 'sha512', 0, 'strong');

passwdcmp

  ## Compare a password against a hash
  ## passwdcmp() will return the hash if it is a match
  if ( passwdcmp($passwd, $hash) ) {
    ## Successful match
  } else {
    ## Failed match
  }

BUGS

There is currently no easy way to pass your own salt; frankly, this thing is aimed at some projects of mine where that issue is unlikely to come up and randomized is appropriate. If that's a problem, patches welcome? ;-)

AUTHOR

Jon Portnoy <avenj@cobaltirc.org>

To install App::bmkpasswd, copy and paste the appropriate command in to your terminal.

cpanm

cpanm App::bmkpasswd

CPAN shell

perl -MCPAN -e shell
install App::bmkpasswd

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)