The Perl Advent Calendar needs more articles for 2022. Submit your idea today!

NAME

Crypt::Passphrase::Bcrypt - A bcrypt encoder for Crypt::Passphrase

VERSION

version 0.003

DESCRIPTION

This class implements a bcrypt encoder for Crypt::Passphrase. Crypt::Passphrase::Argon2 is recommended over this module as an encoder, as that provides memory-hardness and more easily allows for long passwords.

METHODS

new(%args)

  • cost

    This is the cost factor that is used to hash passwords.

  • subtype

    • 2b

      This is the subtype the rest of the world has been using since 2014

    • 2y

      This type is considered equivalent to 2b.

    • 2a

      This is an old and subtly buggy version of bcrypt. This is mainly useful for Crypt::Eksblowfish compatibility.

    • 2x

      This is a very broken version that is only useful for compatibility with ancient php versions.

    This is 2b by default, and you're unlikely to want to change this.

  • hash

    Pre-hash the password using the specified hash. Currently only sha256 is supported. This is mainly useful to get around the 72 character limit. This uses a salt-keyed hash to prevent password shucking.

hash_password($password)

This hashes the passwords with bcrypt according to the specified settings and a random salt (and will thus return a different result each time).

needs_rehash($hash)

This returns true if the hash uses a different cipher or subtype, if any of the cost is lower that desired by the encoder or if the prehashing doesn't match.

crypt_types()

This returns the above described subtypes, as well as bcrypt-sha256 for prehashed bcrypt.

verify_password($password, $hash)

This will check if a password matches a bcrypt hash.

AUTHOR

Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2021 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.