Jon Portnoy (PAUSE Custodial Account) > App-bmkpasswd > bmkpasswd


Annotate this POD

View/Report Bugs


 bmkpasswd - bcrypt-enabled mkpasswd


 bmkpasswd [OPTIONS]... [PASSWD]


 -m, --method=TYPE  [default: bcrypt]
     Types:  bcrypt  (recommended; guaranteed available)
             sha512  (requires recent libc or Crypt::Passwd::XS)
             sha256  (requires recent libc or Crypt::Passwd::XS)
 -w, --workcost=NUM Bcrypt work-cost factor; default 08.
                    Higher is slower. Should be a two-digit power of 2.
 -c, --check=HASH   Compare password against given HASH
 -s, --strong       Use strongly-random salt generation
 -b, --benchmark    Show timers; useful for comparing hash generation
 --available        List available methods (one per line)
 --version          Display version information and available methods

If PASSWD is missing, it is prompted for interactively.


Simple bcrypt-enabled mkpasswd.

While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.

A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.

Salts are randomly generated using Bytes::Random::Secure::Tiny. Using the --strong option requires a reliable source of entropy; if you are entropy-starved, try haveged (, especially on headless Linux systems.

See App::bmkpasswd for more details on bcrypt and the inner workings of this software.

See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.


Users of 5.8.x perls or MSWin32 platforms will need Term::ReadKey to turn off terminal echo for password prompts.


Jon Portnoy <>

syntax highlighting: