NAME
Password::OWASP - OWASP recommendations for password storage in perl
VERSION
version 0.002
SYNOPSIS
    package MyApp::Authentication;

    use Password::OWASP::Scrypt; # or Bcrypt or Argon2

    my $user = get_from_db();

    my $owasp = Password::OWASP::Scrypt->new(
        # optional
        hashing => 'sha512',

        # optional
        update_method => sub {
            my ($password) = @_;
            $user->update_password($password);
            return;
        },
    );
DESCRIPTION
This module tries to implement the OWASP password recommendations for safe storage in Perl. In short, OWASP recommends the following:

    * Don't limit password length or characters
    * Hash the password before you crypt it
    * Use either Argon2, PBKDF2, Scrypt or Bcrypt

This module currently supports Argon2, Scrypt and Bcrypt. All implementations hash the password first with SHA-512. SHA-256 and SHA-1 are also supported. This allows for storing passwords that are longer than 72 characters.

The check_password method also accepts passwords stored with weaker schemes, because the module can update these passwords in place. Please note that clear text passwords need to be prepended with {CLEARTEXT} in order for Authen::Passphrase to do its work.
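The pre-hash and the in-place upgrade described above, sketched with Digest::SHA and Authen::Passphrase. This is an added example, not Password::OWASP's own code: the function names, the base64 encoding of the digest, the bcrypt cost of 12 and the sample record are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Encode qw(encode_utf8);
use Digest::SHA qw(sha512_base64);
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;

# Pre-hash: any password length becomes 86 base64 characters. Base64 rather
# than the raw digest, so no NUL byte can cut the bcrypt input short.
sub prehash {
    my ($password) = @_;
    return sha512_base64(encode_utf8($password));
}

# Hypothetical helper: pre-hashed bcrypt in RFC 2307 form ({CRYPT}$2a$...).
sub crypt_password {
    my ($password) = @_;
    return Authen::Passphrase::BlowfishCrypt->new(
        cost        => 12,    # assumed work factor
        key_nul     => 1,
        salt_random => 1,
        passphrase  => prehash($password),
    )->as_rfc2307;
}

# Verify against whatever scheme is stored. Assumes every bcrypt entry in
# the store was written by crypt_password() above, i.e. is pre-hashed.
sub check_password {
    my ($password, $stored, $update) = @_;
    my $ppr = Authen::Passphrase->from_rfc2307($stored);
    if ($ppr->isa('Authen::Passphrase::BlowfishCrypt')) {
        return $ppr->match(prehash($password)) ? 1 : 0;
    }
    # Weaker scheme ({CLEARTEXT}, {SSHA}, ...): match the password as given,
    # then replace the stored value while the plaintext is still in hand.
    return 0 unless $ppr->match($password);
    $update->(crypt_password($password)) if $update;
    return 1;
}

# Constructed sample row standing in for a user record.
my %row  = (password => '{CLEARTEXT}' . 'x' x 100);
my $save = sub { $row{password} = $_[0] };

printf "wrong password accepted: %d\n", check_password('x' x 99, $row{password}, $save);
printf "legacy login accepted:   %d\n", check_password('x' x 100, $row{password}, $save);
printf "stored scheme now:       %s\n", substr($row{password}, 0, 14);
printf "99 of 100 chars accepted: %d\n", check_password('x' x 99, $row{password}, $save);
printf "full password accepted:  %d\n", check_password('x' x 100, $row{password}, $save);
```

The fourth check is the one that depends on the pre-hash: the two inputs differ only after their first 72 characters, so they are told apart only because the SHA-512 digest, not the password itself, is what bcrypt receives.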
SEE ALSO
AUTHOR
Wesley Schwengle <waterkip@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2019 by Wesley Schwengle.
This is free software, licensed under:
The (three-clause) BSD License