Jon Portnoy > App-bmkpasswd-2.001001 > bmkpasswd


Annotate this POD

View/Report Bugs
Source   Latest Release: App-bmkpasswd-2.004002


 bmkpasswd - bcrypt-enabled mkpasswd


 bmkpasswd [OPTIONS]... [PASSWD]


 -h, --help

 -m, --method <TYPE>
     crypt method.
       bcrypt  (default; requires Crypt::Eksblowfish)
       sha512  (requires recent libc or Crypt::Passwd::XS)
       sha256  (requires recent libc or Crypt::Passwd::XS)

 -c, --check <HASH>
     Check password against <HASH>.
     Method will be auto-detected.

 -s, --strong
     Use a blocking random source like /dev/random
     to generate salts.

 -w, --workcost <COST>
     Specify a work cost factor. Higher is slower.
     Must be a two-digit power of 2.
     Pad with zeros as necessary.

 -b, --benchmark
     Show timers; useful for comparing hash generation times.


Simple bcrypt-enabled mkpasswd.

While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.

A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.

Salts are randomly generated using Bytes::Random::Secure. Using the --strong option requires a reliable source of entropy; try haveged (, especially on headless Linux systems.

See App::bmkpasswd for more details on bcrypt and the inner workings of this software.

See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.


Jon Portnoy <>

syntax highlighting: