NAME
Crypt::Bcrypt - A modern bcrypt implementation
VERSION
version 0.010
SYNOPSIS
use Crypt::Bcrypt qw/bcrypt bcrypt_check/;
my $hash = bcrypt($password, '2b', 12, $salt);
if (bcrypt_check($password, $hash)) {
...
}
DESCRIPTION
This module provides a modern and user-friendly implementation of the bcrypt password hash.
Note that in bcrypt passwords may only contain 72 characters. It may seem tempting to prehash the password before bcrypting it but that may make it vulnerable to password shucking, a salted solution (for example using a MAC) should be used instead if one wants to support large passwords.
The password is always expected to come as a (utf8-encoded) byte-string.
FUNCTIONS
bcrypt($password, $subtype, $cost, $salt)
This computes the bcrypt hash for $password
in $subtype
, with $cost
and $salt
.
Valid subtypes are:
2b
This is the subtype the rest of the world has been using since 2014, you should use this unless you have a very specific reason to use something else.
2a
This is an old and subtly buggy version of bcrypt. This is mainly useful for Crypt::Eksblowfish compatibility.
2y
This type is considered equivalent to
2b
, and is only commonly used on php.2x
This is a very broken version that is only useful for compatibility with ancient php versions.
$cost
must be between 4 and 31 (inclusive). $salt
must be exactly 16 bytes.
bcrypt_check($password, $hash)
This checks if the $password
satisfies the $hash
, and does so in a timing-safe manner.
bcrypt_prehashed($password, $subtype, $cost, $salt, $hash_algorithm)
This works like the bcrypt
functions, but pre-hashes the password using the specified hash. This is mainly useful to get around the 72 character limit. Currently only sha256 is supported. This uses a salt-keyed hash to prevent password shucking. If $hash_algorithm
is an empty string it will perform a normal bcrypt
operation.
bcrypt_check_prehashed($password, $hash)
This verifies pre-hashed passwords as generated by bcrypt_prehashed
.
bcrypt_needs_rehash($hash, $wanted_subtype, $wanted_cost, $wanted_hash = '')
This returns true if the bcrypt hash uses a different subtype, cost or hash algorithm than desired.
SEE OTHER
-
This is usually a better approach to managing your passwords, it can use this module via Crypt::Passphrase::Bcrypt. It facilitates upgrading the algorithm parameters or even the algorithm itself.
-
This also offers bcrypt, but only supports the
2a
subtype.
AUTHOR
Leon Timmermans <leont@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2021 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.