bcrypt
Generate password hashes
SYNOPSIS
bcrypt [-c rounds] [-h] [-s salt] [-u] [PASSWORD]
PARAMETERS
-c rounds
Set work factor (default: 10, range 4-31)
-h
Display help and exit
-s salt
Use specified 22-char base64 salt (random otherwise)
-u
Display usage summary
-V
Print version information
DESCRIPTION
The bcrypt command is a utility for generating secure password hashes using the bcrypt key derivation function, originally designed by Niels Provos and David Mazières. It applies a slow, computationally expensive algorithm to resist brute-force attacks, making it ideal for storing passwords in files like /etc/shadow or Apache's htpasswd.
bcrypt takes a password (or reads from stdin) and produces a hash string in the modular crypt format: $2a$10$... or similar (variants $2a$, $2b$, $2y$). The hash string includes a cost factor (default 10, meaning 2^10 iterations), a 128-bit salt, and the resulting password hash. Each increment of the cost doubles the work, which raises the price of brute-force guessing but also slows legitimate verification.
This tool is particularly useful for system administrators needing bcrypt-compatible hashes, as opposed to weaker methods like MD5 or DES crypt. It's available in many Linux distributions via the bcrypt package and supports reading passwords securely without echoing. Output can be directly used by PAM, Apache, or other services supporting bcrypt.
CAVEATS
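High round counts (>12) may cause significant CPU load; not suitable for real-time auth. Passwords longer than 72 bytes may be truncated in some implementations. A password given as the PASSWORD argument is visible in the process list and in shell history; supply it on stdin where possible.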
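The hash layout and the 72-byte limit described above can be checked mechanically. The following is an added example, not part of the bcrypt tool: it parses bcrypt strings from htpasswd-style "user:hash" lines and reports entries that are not bcrypt or whose cost is too low. The function names, the MIN_COST policy value and the sample entries for bob and carol are assumptions made for illustration.

```python
import re

# $<variant>$<cost>$ then 22 salt chars and 31 hash chars, all in bcrypt's
# own base64 alphabet (./A-Za-z0-9). Variants are the ones the page lists.
BCRYPT_RE = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 10  # assumed policy floor (the tool's default); set to local policy

def parse_bcrypt(hash_str):
    """Split a bcrypt hash string into its fields; ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt modular crypt string")
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} outside the valid range 4-31")
    return {"variant": variant, "cost": cost, "iterations": 1 << cost,
            "salt": salt, "digest": digest}

def audit(lines, min_cost=MIN_COST):
    """Return (user, finding) pairs for 'user:hash' lines that need attention."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        try:
            cost = parse_bcrypt(stored)["cost"]
        except ValueError as exc:
            findings.append((user, str(exc)))
            continue
        if cost < min_cost:
            findings.append((user, f"cost {cost} below policy minimum {min_cost}"))
    return findings

def exceeds_bcrypt_input(password):
    """True if the UTF-8 encoding is over 72 bytes (may be truncated)."""
    return len(password.encode("utf-8")) > 72

# Constructed sample: alice uses the example hash shown on this page; bob and
# carol carry made-up placeholder strings, not real hashes.
SAMPLE = [
    "alice:$2b$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi",
    "bob:$2a$04$abcdefghijklmnopqrstuv0123456789ABCDEFGHIJKLMNOPQRSTU",
    "carol:$1$constructed$notarealhash",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

The length check counts bytes, not characters, so a password with multi-byte UTF-8 characters can exceed the limit with fewer than 72 characters.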
EXAMPLE USAGE
echo -n 'mypassword' | bcrypt
Outputs (illustrative; the salt is random unless -s is given, so the hash differs on every run): $2b$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi
STDIN MODE
Reads password from stdin if no argument: bcrypt < passfile
HISTORY
The bcrypt algorithm comes from a 1999 OpenBSD paper. The command-line tool was popularized in pkgsrc/NetBSD circa 2006 and has been ported to Linux distributions such as Debian/Ubuntu since 2010.


