NAME

Crypt::Passphrase::Pepper::Simple - A pepper-wrapper for Crypt::Passphrase

VERSION

version 0.017

SYNOPSIS

my $passphrase = Crypt::Passphrase->new(
    encoder => {
        module  => 'Pepper::Simple',
        inner   => 'Bcrypt',
        peppers => {
            1 => pack('H*', '0123456789ABCDEF...'),
            2 => pack('H*', 'FEDCBA9876543210...'),
        },
    },
);

DESCRIPTION

This module wraps another encoder to pepper the input to the hash. By using identifiers for the peppers, it allows for easy rotation of peppers. Much like password their function relies entirely on their secrecy, and they should be treated similarly.

It will be able to validate both peppered and unpeppered hashes.

CONFIGURATION

It takes the following configuration arguments:

  • inner

    This contains an encoder specification identical to the encoder field of Crypt::Passphrase. It is mandatory.

  • peppers

    This is a map of identifier to pepper value. The identifiers should be (probably small) numbers, the values should be random binary strings that are long enough to not be brute-forcable (the output size of the hash is a good choice). This is mandatory.

  • active

    This is the active pepper. It must be one of the keys in peppers, and by default it will be the key highest (numerical) value.

  • algorithm

    This is the algorithm that's used for peppering. Supported values are 'sha1-hmac', 'sha224-hmac', 'sha256-hmac', 'sha384-hmac', and 'sha512-hmac' (the default).

Supported types

The supported peppered types are a the inner encoders types cross joined with the algorithms with "-pepper-" (e.g. "argon2id-pepper-sha512-hmac"), as well as the underlaying types themselves (e.g. "argon2id".

AUTHOR

Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2021 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.