App::bmkpasswd

NAME

App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers

SYNOPSIS

    ## From Perl:

    use feature 'say';
    use App::bmkpasswd 'mkpasswd', 'passwdcmp';
    my $bcrypted = mkpasswd($passwd);
    say 'matched' if passwdcmp($passwd, $bcrypted);

    ## From a shell:

    bmkpasswd --help

    # Generate bcrypted passwords
    # Defaults to work cost factor '08':
    bmkpasswd
    bmkpasswd --workcost='06'

    # SHA requires Crypt::Passwd::XS or glibc2.7+
    bmkpasswd --method='sha512'

    # Compare a hash:
    bmkpasswd --check=HASH

    # Check hash generation times:
    bmkpasswd --benchmark

DESCRIPTION

App::bmkpasswd is a simple bcrypt-enabled mkpasswd. (Helper functions are also exported for use in other applications; see "EXPORTED".)

See bmkpasswd --help for usage information.

Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. Bcrypt hashes come with a configurable work-cost factor; that allows hash generation to become configurably slower as computers get faster, thereby impeding brute-force hash generation attempts.

See http://codahale.com/how-to-safely-store-a-password/ for more on why you ought to be using bcrypt or similar "adaptive" techniques.

SHA-256 and SHA-512 are supported if available. You'll need either Crypt::Passwd::XS or a system crypt() that can handle SHA, such as glibc-2.7+ or newer FreeBSD builds.

Uses Bytes::Random::Secure to generate random salts.

EXPORTED

You can use the exported mkpasswd and passwdcmp functions in other Perl modules/applications:

    use App::bmkpasswd qw/mkpasswd passwdcmp/;

mkpasswd

    ## Generate a bcrypted passwd with work-cost 08:
    $bcrypted = mkpasswd($passwd);

    ## Generate a bcrypted passwd with other work-cost:
    $bcrypted = mkpasswd($passwd, 'bcrypt', '06');

    ## SHA:
    $crypted = mkpasswd($passwd, 'sha256');
    $crypted = mkpasswd($passwd, 'sha512');

    ## Use a strongly-random salt (requires spare entropy):
    $crypted = mkpasswd($passwd, 'bcrypt', '08', 'strong');
    $crypted = mkpasswd($passwd, 'sha512', 0, 'strong');

passwdcmp

    ## Compare a password against a hash
    ## passwdcmp() will return the hash if it is a match
    if ( passwdcmp($passwd, $hash) ) {
      ## Successful match
    } else {
      ## Failed match
    }
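
The work-cost factor only helps if stored hashes are raised to the current cost over time. The following added example (not part of App::bmkpasswd's own code) uses the exported mkpasswd and passwdcmp to verify a login and rehash at a higher cost when the stored hash is below policy. The helper names, the target cost of 10 and the sample password are assumptions for illustration, and it assumes the standard `$2a$NN$` bcrypt prefix.

```perl
#!/usr/bin/env perl
# Added example: verify a login and upgrade stored bcrypt hashes whose
# work cost is below the current policy. Requires App::bmkpasswd.
use strict;
use warnings;
use feature 'say';
use App::bmkpasswd qw/mkpasswd passwdcmp/;

# Assumption: site policy value, chosen for illustration.
my $TARGET_COST = 10;

# Extract the two-digit work cost from a bcrypt hash ($2a$NN$...).
# Returns undef for non-bcrypt hashes (e.g. SHA-crypt $5$ / $6$).
sub bcrypt_cost {
  my ($hash) = @_;
  return $hash =~ /\A\$2[abxy]?\$(\d\d)\$/ ? $1 + 0 : undef;
}

# Hypothetical helper: returns (ok, new_hash_or_undef).
sub verify_and_upgrade {
  my ($passwd, $stored) = @_;
  return (0, undef) unless passwdcmp($passwd, $stored);
  my $cost = bcrypt_cost($stored);
  # Rehash when the stored hash is not bcrypt or is cheaper than policy.
  if (!defined $cost || $cost < $TARGET_COST) {
    return (1, mkpasswd($passwd, 'bcrypt', sprintf('%02d', $TARGET_COST)));
  }
  return (1, undef);
}

# Constructed sample: a record created earlier at work cost 06.
my $passwd = 'correct horse battery staple';
my %user   = (hash => mkpasswd($passwd, 'bcrypt', '06'));

my ($bad) = verify_and_upgrade('wrong guess', $user{hash});
say 'wrong password rejected' unless $bad;

my ($ok, $new) = verify_and_upgrade($passwd, $user{hash});
if ($ok && defined $new) {
  say 'cost ', bcrypt_cost($user{hash}), ' -> ', bcrypt_cost($new);
  $user{hash} = $new;   # persist the upgraded hash
}

# A second login finds the hash already at policy; nothing to rewrite.
my ($ok2, $new2) = verify_and_upgrade($passwd, $user{hash});
say 'no further upgrade needed' if $ok2 && !defined $new2;
```

The rehash can only happen at login because that is the one moment the plaintext password is available; `bmkpasswd --benchmark` helps pick a target cost the host can afford.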

BUGS

There is currently no easy way to pass your own salt; frankly, this thing is aimed at some projects of mine where that issue is unlikely to come up and randomized is appropriate. If that's a problem, patches welcome? ;-)

AUTHOR

Jon Portnoy <avenj@cobaltirc.org>
