bmkpasswd - bcrypt-enabled mkpasswd
bmkpasswd [OPTIONS]... [PASSWD]
-h, --help -m, --method <TYPE> crypt method. Types: bcrypt (default; requires Crypt::Eksblowfish) sha512 (requires recent libc or Crypt::Passwd::XS) sha256 (requires recent libc or Crypt::Passwd::XS) md5 (if system crypt() supports it -- weak) -c, --check <HASH> Check password against <HASH>. Method will be auto-detected. -s, --strong Use a blocking random source like /dev/random to generate salts. -w, --workcost <COST> bcrypt-only. Specify a work cost factor. Higher is slower. Must be a two-digit power of 2. Pad with zeros as necessary. -b, --benchmark Show timers; useful for comparing hash generation times.
Simple bcrypt-enabled mkpasswd.
While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.
A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
Salts are randomly generated using Bytes::Random::Secure. Using the
--strong option requires a reliable source of entropy; try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.
See App::bmkpasswd for more details (or if you'd like to use bcrypted passwords from your own modules).
Jon Portnoy <firstname.lastname@example.org>