DESCRIPTION

This module tries to implement OWASP password recommendations for safe storage in Perl. In short, OWASP recommends the following:

This module currently supports Argon2, Scrypt and Bcrypt. All implementations hash the password first with SHA-512; SHA-256 and SHA-1 are also supported. This allows for storing passwords which are longer than 72 characters. OWASP now recommends against this, and this module will move away from prehashing. To allow for a transition, the default will stay but emit a deprecation warning. You can now set none as a hashing option; this will become the new default.

The check_password method accepts weaker schemes, as the module also allows for in-place updates of these passwords. Please note that clear-text passwords need to be prepended with {CLEARTEXT} in order for Authen::Passphrase to do its work.

SYNOPSIS

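package MyApp::Authentication;

use Password::OWASP::Scrypt; # or Bcrypt or Argon2

# get_from_db() stands for the application's own user lookup
my $user = get_from_db();

my $owasp = Password::OWASP::Scrypt->new(
    # Optional: digest applied to the password before the KDF
    # ('none' disables prehashing)
    hashing => 'sha512',

    # Optional: callback used to store the updated password
    update_method => sub {
        my ($password) = @_;
        $user->update_password($password);
        return;
    },
);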
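The in-place update of a weaker scheme described under DESCRIPTION, as an added example that is not part of the module's own documentation. The `%user` record and the `login` helper are constructed for illustration; the example assumes that `check_password` takes the supplied password followed by the stored value and returns false on a mismatch, and that `update_method` receives the replacement value to store.

```perl
use strict;
use warnings;
use Password::OWASP::Scrypt;

# Constructed sample record: a legacy account whose password is still stored
# in clear text, marked with the {CLEARTEXT} prefix the description requires.
my %user = (
    name     => 'alice',
    password => '{CLEARTEXT}correct horse battery staple',
);

my $owasp = Password::OWASP::Scrypt->new(
    # 'none' switches off the SHA prehash, the announced future default.
    hashing => 'none',

    # Assumption: invoked with the replacement value once a password held
    # under a weaker scheme has been verified.
    update_method => sub {
        my ($password) = @_;
        $user{password} = $password;
        return;
    },
);

# Hypothetical helper for this example: 1 on a match, 0 otherwise.
sub login {
    my ($given) = @_;
    return $owasp->check_password($given, $user{password}) ? 1 : 0;
}

# Records whether the stored value still carries the clear-text marker.
sub is_cleartext { return $user{password} =~ /^\{CLEARTEXT\}/ ? 1 : 0 }

# A failed login must leave the legacy record untouched.
my $wrong        = login('not the password');
my $still_legacy = is_cleartext();

# A successful login verifies against the legacy value and triggers the update.
my $first    = login('correct horse battery staple');
my $migrated = is_cleartext() ? 0 : 1;

# The same password must verify against the replacement value as well.
my $second = login('correct horse battery staple');

printf "wrong=%d legacy_kept=%d first=%d migrated=%d second=%d\n",
    $wrong, $still_legacy, $first, $migrated, $second;
```

Accounts that never log in again keep their weak stored value, so a migration of this kind is usually paired with a forced reset for records that still carry the `{CLEARTEXT}` marker after a cut-off date.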

SEE ALSO