NAME
Crypt::Passphrase::Pepper::Simple - An pepper-wrapper for Crypt::Passphrase
VERSION
version 0.014
SYNOPSIS
my $passphrase = Crypt::Passphrase->new(
encoder => {
module => 'Pepper::Simple',
inner => {
module => 'Argon2',
output_size => 32,
},
peppers => {
1 => pack('H*', '0123456789ABCDEF...'),
2 => pack('H*', 'FEDCBA9876543210...'),
},
},
);DESCRIPTION
This module wraps another encoder to pepper the input to the hash. By using identifiers for the peppers, it allows for easy rotation of peppers. Much like password their function relies entirely on their secrecy, and they should be treated similarly.
It will be able to validate both peppered and unpeppered hashes.
METHODS
new(%args)
This creates a new pepper encoder. It takes the following named arguments:
inner
This contains an encoder specification identical to the
encoderfield ofCrypt::Passphrase. It is mandatory.peppers
This is a map of identifier to pepper value. The identifiers should be (probably small) numbers, the values should be random binary strings that are long enough to not be brute-forcable (the output size of the hash is a good choice).
active
This is the active pepper. It must be one of the keys in
peppers, and by default it will be the key highest (numerical) value.algorithm
This is the algorithm that's used for peppering. Supported values are
'sha1-hmac','sha224-hmac','sha256-hmac','sha384-hmac', and'sha512-hmac'(the default).
prehash_password($password, $algorithm, $identifier)
This prehashes the $password using the given $algorithm and $identifier.
AUTHOR
Leon Timmermans <leont@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2021 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.