/ 
Crypt-Passphrase-Bcrypt-0.008
⭐ Starred 0
/ Crypt::Passphrase::Bcrypt

NAME

Crypt::Passphrase::Bcrypt - A bcrypt encoder for Crypt::Passphrase

VERSION

version 0.008

SYNOPSIS

my $passphrase = Crypt::Passphrase->new(
  encoder => {
    module => 'Bcrypt',
    cost   => 14,
    hash   => 'sha256',
  },
);

DESCRIPTION

This class implements a bcrypt encoder for Crypt::Passphrase. For high-end parameters Crypt::Passphrase::Argon2 is recommended over this module as an encoder, as that provides memory-hardness and more easily allows for long passwords.

Configuration

It accepts the following arguments:

  • cost

    This is the cost factor that is used to hash passwords. It currently defaults to 14, but this may change in the future.

  • subtype

    • 2b

      This is the subtype everyone has been using since 2014.

    • 2y

      This type is considered equivalent to 2b. It is common on php but not elsewhere.

    • 2a

      This is an old and subtly buggy version of bcrypt. This is mainly useful for Crypt::Eksblowfish compatibility.

    • 2x

      This is a very broken version that is only useful for compatibility with ancient php versions.

    This is 2b by default, and you're unlikely to want to change this.

  • hash

    Pre-hash the password using the specified hash. It will support any hash supported by Crypt::Bcrypt, which is currently 'sha256', 'sha384' and 'sha512'. This is mainly useful because plain bcrypt is not null-byte safe and only supports 72 characters of input. This uses a salt-keyed hash to prevent password shucking.

SUPPORTED CRYPT TYPES

It supports the above described subtypes, as well as bcrypt-sha256, bcrypt-sha384 and bcrypt-sha512 for prehashed bcrypt.

AUTHOR

Leon Timmermans <fawaka@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2021 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.