bmkpasswd - bcrypt-enabled mkpasswd
bmkpasswd [OPTIONS]... [PASSWD]
-m, --method=TYPE [default: bcrypt] Types: bcrypt (recommended; guaranteed available) sha512 (requires recent libc or Crypt::Passwd::XS) sha256 (requires recent libc or Crypt::Passwd::XS) -w, --workcost=NUM Bcrypt work-cost factor; default 08. Higher is slower. Should be a two-digit power of 2. -c, --check=HASH Compare password against given HASH -s, --strong Use strongly-random salt generation -b, --benchmark Show timers; useful for comparing hash generation --version Display version information and available methods
If PASSWD is missing, it is prompted for interactively.
Simple bcrypt-enabled mkpasswd.
While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.
A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
Salts are randomly generated using Bytes::Random::Secure. Using the
--strong option requires a reliable source of entropy; try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.
See App::bmkpasswd for more details on bcrypt and the inner workings of this software.
See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.
Jon Portnoy <email@example.com>