Revision history for Password-OWASP

TODO: Look into PBKDF2

0.005     2022-09-02 23:39:42Z

    * Deprecate hash_password and use prehash_password. This will be
      changed in a future release. The idea is that crypt_password will
      become hash_password. This is because crypt_password sounds like
      it is a two-way function and we can decrypt it. Which we can't.

    * Prehashing can be disabled by setting hashing to "none". This
      could become the new default. OWASP now recommends against
      prehashing because of hash shucking. The idea behind hash shucking
      is that if you have a compromised site that uses unsalted shaXXX
      hashing you only need to crack the shaXXX hash to get to the
      original password. The default will change to 'none' in the future
      and is planned for Jan 2023.

0.004     2022-08-16 13:42:59Z

    * Bump version of Authen::Passphrase::Scrypt (CPANTesters)

0.003     2022-08-12 21:15:15Z

    * Allow workfactor/cost to be tweaked on construction

0.002     2022-08-12 19:06:39Z

    * Maintainer release
        * CPANTS was complaining about use strict/warnings
        * Fix some author tests
        * By removing use utf8 we become even useable on perl 5.6

0.001     2019-11-02 19:12:32Z

    * Initial release