Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
App::bmkpasswd
Perl Perl6

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
lib/App
t
Build.PL
Changes
MANIFEST
MANIFEST.SKIP
META.json
META.yml
Makefile.PL
README

README

NAME
    App::bmkpasswd - bcrypt-capable mkpasswd(1) and exported helpers

SYNOPSIS
      bmkpasswd --help
  
      ## Generate bcrypted passwords
      ## Defaults to work cost factor '08':
      bmkpasswd
      bmkpasswd --workcost='06'

      ## Use other methods:
      bmkpasswd --method='md5'
      # SHA requires Crypt::Passwd::XS or glibc2.7+
      bmkpasswd --method='sha512'
  
      ## Compare a hash:
      bmkpasswd --check=HASH

DESCRIPTION
    App::bmkpasswd is a simple bcrypt-enabled mkpasswd. (Helper functions
    are also exported for use in other applications; see "EXPORTED".)

    See "bmkpasswd --help" for usage information.

    Uses Crypt::Eksblowfish::Bcrypt for bcrypted passwords. (See
    <http://codahale.com/how-to-safely-store-a-password/> for why you ought
    to be using bcrypt or similar "adaptive" techniques).

    SHA-256 and SHA-512 are supported if available. You'll need either
    Crypt::Passwd::XS or a system crypt() that can handle SHA, such as
    glibc-2.7+ or newer FreeBSD builds.

    MD5 uses the system's crypt() -- support for it is fairly universal, but
    it is known insecure and there is really no valid excuse to be using it
    ;-)

    Salts are randomly generated.

EXPORTED
    You can use the exported mkpasswd and passwdcmp functions in other Perl
    modules/applications:

      use App::bmkpasswd qw/mkpasswd passwdcmp/;
      ## Generate a bcrypted passwd with work-cost 08:
      $bcrypted = mkpasswd($passwd);
      ## Generate a bcrypted passwd with other work-cost:
      $bcrypted = mkpasswd($passwd, 'bcrypt', '06');
      ## SHA:
      $crypted = mkpasswd($passwd, 'sha256');
      $crypted = mkpasswd($passwd, 'sha512');

      ## Compare a password against a hash
      ## passwdcmp() will return the hash if it is a match
      $pwd_matched++ if passwdcmp($passwd, $hash);

BUGS
    There is currently no easy way to pass your own salt; frankly, this
    thing is aimed at some projects of mine where that issue is unlikely to
    come up and randomized is appropriate. If that's a problem, patches
    welcome? ;-)

AUTHOR
    Jon Portnoy <avenj@cobaltirc.org>

Something went wrong with that request. Please try again.