This package contains a tool to encrypt passwords using the bcrypt password algorithm.
You may download a binary for your plaform from the releases page.
Alternatively you can install the latest master commit with go get:
$ go get github.com/zenreach/bcrypt
This will build and install the bcrypt binary into your $GOBIN.
There are three ways to get a password into bcrypt.
As the first positional argument on the command line:
$ bcrypt secret
$2a$10$p9XJ4Np9HzSSZsTJqkun/eDAXpCbYl8xncr2srCfHsLnTYHIEsx/m
Pipe the password from from another process:
$ echo secret | bcrypt
$2a$10$hDlfF5bNs1Mcwx4sJdvV9e9.FmCaphoUms6q0qFRq2YgVjG2iOY4e
Let bcrypt prompt you for a password:
$ bcrypt
password:
$2a$10$BQ6oxJbFwGYJqPwu9Hp.V.Y3qarGXMPnnp9NrmIpY34AqLAv3pz4S
The hashing cost can be adjusted with the -c flag. Higher cost values
increase the time it takes to encrypt a password and, by extension, compare
passwords. See the output of -h for the default and valid options. This
example sets the cost to 15:
$ bcrypt -c 15 secret
$2a$15$zsZTRJ9wFqnLbjrM4vgmNO46lL13yolww5yKSRNuiVY.9Afaq07Ia
The bcrypt algorithm has a length limit of up to 55 bytes. As a result longer
passwords are effectively truncated to this length. This can be worked around
by using the -s flag to SHA256 encode the password before encrypting:
$ bcrypt -s secret
$2a$10$Rk2ZHFXHR/7sYcli6BudfuX/8xVUMCIedxTnZ0ZDAHVPDvIzXi82O
The bcrypt command is careful to output prompts and error messages to stdin.
Only the hash is printed to stdout. This alows its output to be redirected for
use in scripts. This simple example prompts the user for a password and writes
the encrypted hash to a file:
$ bcrypt > password.hash
Password:
$ cat password.hash
$2a$10$aNpcOMIZjYTmG1EzAg.lleDmnmHKvsg13xhG55J.3xEme4GU.HqHu
Within a script you may wish to capture the password to a variable:
#!/bin/bash
HASH=$(bcrypt)
echo 'user:$HASH' >> /etc/myapp/users.pw