

Crypt::Passphrase::Bcrypt - A bcrypt encoder for Crypt::Passphrase


version 0.003


This class implements a bcrypt encoder for Crypt::Passphrase. Crypt::Passphrase::Argon2 is recommended over this module as an encoder, as that provides memory-hardness and more easily allows for long passwords.



  • cost

    This is the cost factor that is used to hash passwords.

  • subtype

    • 2b

      This is the subtype the rest of the world has been using since 2014.

    • 2y

      This type is considered equivalent to 2b.

    • 2a

      This is an old and subtly buggy version of bcrypt. This is mainly useful for Crypt::Eksblowfish compatibility.

    • 2x

      This is a very broken version that is only useful for compatibility with ancient PHP versions.

    This is 2b by default, and you're unlikely to want to change this.

  • hash

    Pre-hash the password using the specified hash. Currently only sha256 is supported. This is mainly useful to get around the 72 character limit. This uses a salt-keyed hash to prevent password shucking.


This hashes the passwords with bcrypt according to the specified settings and a random salt (and will thus return a different result each time).


This returns true if the hash uses a different cipher or subtype, if the cost is lower than desired by the encoder, or if the prehashing doesn't match.


This returns the above described subtypes, as well as bcrypt-sha256 for prehashed bcrypt.

verify_password($password, $hash)

This will check if a password matches a bcrypt hash.
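
The following is an added example, not part of the module's own documentation. It shows a login check that verifies against a hash stored under an older bcrypt policy and replaces it when the rehash check described above reports that the cost or prehashing no longer matches. The `check_login` helper, the cost values and the sample password are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Crypt::Passphrase;

# Earlier policy: plain bcrypt at a lower cost (cost values are constructed).
my $legacy = Crypt::Passphrase->new(
    encoder => { module => 'Bcrypt', cost => 10 },
);

# Current policy: higher cost, sha256 pre-hash to get around the 72 character limit.
my $current = Crypt::Passphrase->new(
    encoder => { module => 'Bcrypt', cost => 12, hash => 'sha256' },
);

# Hypothetical helper: verify a login and decide which hash to keep.
# Returns (ok, hash_to_store); the caller persists hash_to_store if it changed.
sub check_login {
    my ($password, $stored) = @_;

    # Reject first; never rehash on a failed verification.
    return (0, $stored) unless $current->verify_password($password, $stored);

    # Hash already matches the current subtype, cost and prehash setting.
    return (1, $stored) unless $current->needs_rehash($stored);

    # The plaintext is only available at login, so upgrade here.
    return (1, $current->hash_password($password));
}

# Constructed sample: a passphrase longer than 72 characters,
# stored under the legacy policy.
my $password = 'correct horse battery staple ' x 4;
my $stored   = $legacy->hash_password($password);

my ($ok, $upgraded) = check_login($password, $stored);
printf "login ok: %d, hash replaced: %d\n", $ok, ($upgraded ne $stored ? 1 : 0);
printf "upgraded hash needs rehash: %d\n",
    ($current->needs_rehash($upgraded) ? 1 : 0);

my ($bad) = check_login('wrong password', $upgraded);
printf "wrong password accepted: %d\n", $bad;
```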


Leon Timmermans <>


This software is copyright (c) 2021 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.