NAME
bmkpasswd - bcrypt-enabled mkpasswdSYNOPSIS
bmkpasswd [OPTIONS]... [PASSWD]OPTIONS
-m, --method=TYPE [default: bcrypt]
Types: bcrypt (recommended; guaranteed available)
sha512 (requires recent libc or Crypt::Passwd::XS)
sha256 (requires recent libc or Crypt::Passwd::XS)
-w, --workcost=NUM Bcrypt work-cost factor; default 08.
Higher is slower. Should be a two-digit power of 2.
-c, --check=HASH Compare password against given HASH
-s, --strong Use strongly-random salt generation
-b, --benchmark Show timers; useful for comparing hash generation
--available List available methods (one per line)
--version Display version information and available methodsIf PASSWD is missing, it is prompted for interactively.
DESCRIPTION
Simple bcrypt-enabled mkpasswd.
While SHA512 isn't a bad choice if you have it, bcrypt has the advantage of including a configurable work cost factor.
A higher work cost factor exponentially increases hashing time, meaning a brute-force attack against stolen hashes can take a very long time.
Salts are randomly generated using Bytes::Random::Secure::Tiny. Using the --strong option requires a reliable source of entropy; if you are entropy-starved, try haveged (http://www.issihosts.com/haveged/downloads.html), especially on headless Linux systems.
See App::bmkpasswd for more details on bcrypt and the inner workings of this software.
See Crypt::Bcrypt::Easy if you'd like a simple interface to creating and comparing bcrypted passwords from your own modules.
CAVEATS
Users of 5.8.x perls or MSWin32 platforms will need Term::ReadKey to turn off terminal echo for password prompts.
AUTHOR
Jon Portnoy <jon@portnoy.me>