Password::OWASP - OWASP recommendations for password storage in perl
version 0.003
    package MyApp::Authentication;

    use Password::OWASP::Scrypt; # or Bcrypt or Argon2

    my $user = get_from_db();

    my $owasp = Password::OWASP::Scrypt->new(

        # optional
        hashing => 'sha512',

        # Optional
        update_method => sub {
            my ($password) = @_;
            $user->update_password($password);
            return;
        },
    );
This module tries to implement OWASP password recommendations for safe storage in Perl. In short, OWASP recommends the following:
Don't limit password length or characters
Hash the password before you crypt it
Use either Argon2, PBKDF2, Scrypt or Bcrypt
This module currently supports Argon2, Scrypt and Bcrypt. All implementations hash the password first with SHA-512. SHA-256 and SHA-1 are also supported. This allows for storing passwords that are longer than 72 characters.
The check_password method allows for weaker schemes, as the module also allows for in-place updates on these passwords. Please note that clear text passwords need to be prepended with {CLEARTEXT} in order for Authen::Passphrase to do its work.
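The flow described above (SHA-512 pre-hash, then scrypt, with a legacy {CLEARTEXT} entry upgraded in place through an update callback), sketched in Python as an added example. It is not Password::OWASP's code: the function names, the {SKETCH-SCRYPT} storage format and the scrypt parameters are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this sketch (not the module's defaults).
N, R, P = 2**14, 8, 1
LEGACY = "{CLEARTEXT}"        # prefix the page names for clear-text entries
SCHEME = "{SKETCH-SCRYPT}"    # constructed tag for this sketch's own format


def prehash(password: str) -> bytes:
    """SHA-512 first: any length or character set in, fixed-size ASCII out."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest().encode("ascii")


def hash_for_storage(password: str) -> str:
    """Pre-hash, then scrypt with a fresh random salt (hypothetical helper)."""
    salt = os.urandom(16)
    key = hashlib.scrypt(prehash(password), salt=salt, n=N, r=R, p=P, dklen=32)
    return SCHEME + base64.b64encode(salt).decode() + "$" + base64.b64encode(key).decode()


def verify_and_upgrade(given: str, stored: str, update_method=None) -> bool:
    """Check a login; re-store legacy entries under the strong scheme on success."""
    if stored.startswith(SCHEME):
        salt_b64, key_b64 = stored[len(SCHEME):].split("$")
        want = base64.b64decode(key_b64)
        got = hashlib.scrypt(prehash(given), salt=base64.b64decode(salt_b64),
                             n=N, r=R, p=P, dklen=len(want))
        return hmac.compare_digest(got, want)
    if stored.startswith(LEGACY):
        ok = hmac.compare_digest(given.encode("utf-8"),
                                 stored[len(LEGACY):].encode("utf-8"))
        if ok and update_method is not None:
            # Only a successful login proves we hold the right password to re-hash.
            update_method(hash_for_storage(given))
        return ok
    return False  # unknown scheme: fail closed


if __name__ == "__main__":
    db = {"password": LEGACY + "x" * 100}   # constructed legacy record
    verify_and_upgrade("x" * 100, db["password"],
                       lambda new: db.update(password=new))
    print(db["password"][:len(SCHEME)])
```

Because the pre-hash digests the whole input, two long passwords that share their first 72 characters still verify differently.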
Password::OWASP::Argon2
Password::OWASP::Scrypt
Password::OWASP::Bcrypt
OWASP cheatsheet for password storage
OWASP cheatsheet for authentication storage
Authen::Passphrase
Authen::Passphrase::Argon2
Authen::Passphrase::Scrypt
Authen::Passphrase::BlowfishCrypt
Wesley Schwengle <waterkip@cpan.org>
This software is Copyright (c) 2019 by Wesley Schwengle.
This is free software, licensed under:
The (three-clause) BSD License