NAME

Password::OWASP - OWASP recommendations for password storage in perl

VERSION

version 0.001

SYNOPSIS

    package MyApp::Authentication;

    use Password::OWASP::Scrypt; # or Bcrypt or Argon2

    my $user = get_from_db();

    my $owasp = Password::OWASP::Scrypt->new(

        # optional
        hashing => 'sha512',

        # Optional
        update_method => sub {
            my ($password) = @_;
            $user->update_password($password);
            return;
        },
    );

DESCRIPTION

This module tries to implement the OWASP password recommendations for safe storage in Perl. In short, OWASP recommends the following:

  • Don't limit password length or characters

  • Hash the password before you crypt it

  • Use either Argon2, PBKDF2, Scrypt or Bcrypt

This module currently supports Argon2, Scrypt and Bcrypt. All implementations hash the password first with SHA-512; SHA-256 and SHA-1 are also supported. Pre-hashing allows for storing passwords that are longer than 72 characters.

The check_password method also accepts weaker schemes, because the module can update such passwords in place. Please note that clear-text passwords need to be prefixed with {CLEARTEXT} in order for Authen::Passphrase to recognise them.
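The following is an added illustration of the scheme described above (pre-hash with SHA-512, then bcrypt, and upgrade legacy {CLEARTEXT} rows in place); it is written against Authen::Passphrase and Digest::SHA directly and is not Password::OWASP's own code. The cost of 12, the explicit 72-character truncation and the check_password($password, $stored, $update) signature are assumptions made for this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha512_hex);
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;

my $BCRYPT_COST = 12;    # assumed work factor, not a value from the page

# bcrypt reads only the first 72 bytes of its input; a hex SHA-512 digest is
# 128 characters, so truncate explicitly (72 hex chars still carry 288 bits).
sub prehash {
    my ($password) = @_;
    return substr(sha512_hex($password), 0, 72);
}

# Pre-hash, then bcrypt; returns an RFC 2307 string ("{CRYPT}$2a$12$...").
sub hash_password {
    my ($password) = @_;
    my $ppr = Authen::Passphrase::BlowfishCrypt->new(
        cost        => $BCRYPT_COST,
        salt_random => 1,
        passphrase  => prehash($password),
    );
    return $ppr->as_rfc2307;
}

# Verify $password against $stored. A legacy {CLEARTEXT} entry is compared
# as-is and, on success, $update->() receives a fresh hash to store instead.
sub check_password {
    my ($password, $stored, $update) = @_;
    my $ppr = Authen::Passphrase->from_rfc2307($stored);
    if ($stored =~ /^\{CLEARTEXT\}/) {
        return 0 unless $ppr->match($password);
        $update->(hash_password($password)) if $update;
        return 1;
    }
    return $ppr->match(prehash($password)) ? 1 : 0;
}

# Constructed demo: a password well over 72 characters, then a legacy row.
my $long   = 'correct horse battery staple ' x 4;
my $stored = hash_password($long);
print check_password($long, $stored) ? "long password ok\n" : "FAIL\n";
print check_password("$long!", $stored) ? "FAIL\n" : "wrong password rejected\n";

my $legacy = '{CLEARTEXT}hunter2';
check_password('hunter2', $legacy, sub { $legacy = shift });
print $legacy =~ /^\{CRYPT\}\$2a\$/ ? "legacy row upgraded\n" : "FAIL\n";
```

Whatever you store in the update callback must be the new RFC 2307 string, so that the next login is verified by bcrypt rather than by the clear-text comparison.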

SEE ALSO

AUTHOR

Wesley Schwengle <waterkip@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2019 by Wesley Schwengle.

This is free software, licensed under:

  The (three-clause) BSD License