Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
App::bmkpasswd
Perl Perl6

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
lib
t
xt
Changes
README.mkdn
dist.ini

README.mkdn

NAME

App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers

SYNOPSIS

## From Perl:

use App::bmkpasswd 'mkpasswd', 'passwdcmp';
my $bcrypted = mkpasswd($passwd);
say 'matched' if passwdcmp($passwd, $bcrypted);

## From a shell:

bmkpasswd --help


# Generate bcrypted passwords
# Defaults to work cost factor '08':
bmkpasswd
bmkpasswd --workcost='06'

# SHA requires Crypt::Passwd::XS or glibc2.7+
bmkpasswd --method='sha512'


# Compare a hash:
bmkpasswd --check=HASH

# Check hash generation times:
bmkpasswd --benchmark

DESCRIPTION

App::bmkpasswd is a simple bcrypt-enabled mkpasswd.

Helper functions are also exported for use in other applications; see "EXPORTED".

Crypt::Bcrypt::Easy provides an easier bcrypt-specific programmatic interface.

See bmkpasswd --help for usage information.

Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords.

Bcrypt comes with a configurable work-cost factor; that allows hash generation to become configurably slower as computers get faster, thereby impeding brute-force hash generation attempts.

See http://codahale.com/how-to-safely-store-a-password/ for more on why you ought to be using bcrypt or similar "adaptive" techniques.

SHA-256 and SHA-512 are supported if available. You'll need either Crypt::Passwd::XS or a system crypt() that can handle SHA, such as glibc-2.7+ or modern FreeBSD builds.

Uses Bytes::Random::Secure to generate random salts. For the paranoid, constant time comparison is used when comparing hashes; strongly-random salts can also be enabled.

EXPORTED

Crypt::Bcrypt::Easy provides an easier programmatic interface, if you're only interested in generating bcrypt passwords. If you'd like to make use of other password types, you can use the exported mkpasswd and passwdcmp functions:

use App::bmkpasswd qw/mkpasswd passwdcmp/;

mkpasswd

## Generate a bcrypted passwd with work-cost 08:
$bcrypted = mkpasswd($passwd);

## Generate a bcrypted passwd with other work-cost:
$bcrypted = mkpasswd($passwd, 'bcrypt', '10');

## SHA:
$crypted = mkpasswd($passwd, 'sha256');
$crypted = mkpasswd($passwd, 'sha512');

## Use a strongly-random salt (requires spare entropy):
$crypted = mkpasswd($passwd, 'bcrypt', '08', 'strong');
$crypted = mkpasswd($passwd, 'sha512', 0, 'strong');

passwdcmp

## Compare a password against a hash
## passwdcmp() will return the hash if it is a match
if ( passwdcmp($plaintext, $crypted) ) {
  ## Successful match
} else {
  ## Failed match
}

BUGS

There is currently no easy way to pass your own salt; frankly, this thing is aimed at some projects of mine where that issue is unlikely to come up and randomized is appropriate. If that's a problem, patches welcome? ;-)

AUTHOR

Jon Portnoy avenj@cobaltirc.org

Something went wrong with that request. Please try again.