Password-OWASP

Changes for version 0.005 - 2022-09-02

Deprecate hash_password and use prehash_password. This will be changed in a future release. The idea is that crypt_password will become hash_password. This is because crypt_password sounds like it is a two-way function and we can decrypt it. Which we can't.
Prehashing can be disabled by setting hashing to "none". This could become the new default. OWASP now recommends against prehashing because of hash shucking. The idea behind hash shucking is that if you have a compromised site that uses unsalted shaXXX hashing you only need to crack the shaXXX hash to get to the original password. The default will change to 'none' in the future and is planned for Jan 2023.

OWASP recommendations for password storage in perl

Abstract base class to implement OWASP password recommendations

An Argon2 implemenation of Password::OWASP

A BlowfishCrypt implemenation of Password::OWASP

An Scrypt implemenation of Password::OWASP

To install Password::OWASP, copy and paste the appropriate command in to your terminal.

cpanm Password::OWASP

perl -MCPAN -e shell
install Password::OWASP

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)