-
-
20 Oct 2019 19:53:59 UTC
- Distribution: Mojolicious-Plugin-BcryptSecure
- Module version: 0.02
- Source (raw)
- Browse (raw)
- Changes
- Homepage
- How to Contribute
- Repository
- Issues (0)
- Testers (15 / 0 / 1)
- Kwalitee
Bus factor: 0- 97.67% Coverage
- License: perl_5
- Perl: v5.10.1
24 month- Download (11.79KB)
- MetaCPAN Explorer
- Permissions
- Subscribe to distribution
- This version
- Latest version
NAME
Mojolicious::Plugin::BcryptSecure - Securely bcrypt and validate your passwords.
STATUS
SYNOPSIS
# Mojolicious::Lite # use the default cost of 12 plugin 'BcryptSecure' # set your own cost plugin BcryptSecure => { cost => 8 }; # Mojolicious sub startup { my $self = shift; # use the default cost of 12 $self->plugin('BcryptSecure'); # set your own cost $self->plugin('BcryptSecure', { cost => 8 }) }DESCRIPTION
Mojolicious::Plugin::BcryptSecure is a fork of Mojolicious::Plugin::Bcrypt with two main differences:
Crypt::URandom is used to generate the salt used in "bcrypt" with strongest available source of non-blocking randomness on the current platform.
"secure_compare" in Mojo::Util is used in "bcrypt_validate" when comparing the crypted passwords to help prevent timing attacks.
You also may want to look at Mojolicious::Command::bcrypt to help easily generate crypted passwords with your app's
bcryptsettings via a Mojolicious::Command.OPTIONS
cost
A non-negative integer with at most two digits that controls the cost of the hash function. The number of operations is proportional to 2^cost. The default value is 12. This option is described more in Crypt::Eksblowfish::Bcrypt.
# Mojolicious::Lite plugin BcryptSecure => { cost => 8 }; # Mojolicious sub startup { my $self = shift; $self->plugin('BcryptSecure', { cost => 8 }) }HELPERS
bcrypt
Crypts a password via the bcrypt algorithm and returns the resulting crypted value.
my $crypted_password = $c->bcrypt($plaintext_password); # optionally pass your own settings my $crypted_password = $c->bcrypt($plaintext_password, $settings);$settingsis an optional string which encodes the algorithm parameters, as described in Crypt::Eksblowfish::Bcrypt.bcrypt_validate
Validates a password against a crypted password (from your database, for example):
if ($c->bcrypt_validate($plaintext_password, $crypted_password)) { # Authenticated } else { # Uh oh... }AUTHOR
Adam Hopkins <srchulo@cpan.org>
COPYRIGHT
Copyright 2019- Adam Hopkins
LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
SEE ALSO
As a valued partner and proud supporter of MetaCPAN, StickerYou
is happy to offer a 10% discount on all Custom Stickers,
Business Labels, Roll Labels, Vinyl Lettering or Custom Decals.
StickerYou.com is your one-stop shop to make
your business stick. Use code METACPAN10 at
checkout to apply your discount.