guniorobot / dancer-plugin-bcrypt Goto Github PK
View Code? Open in Web Editor NEWThis project forked from loonypandora/dancer-plugin-bcrypt
Interface to Bcrypt for Dancer
This project forked from loonypandora/dancer-plugin-bcrypt
Interface to Bcrypt for Dancer
NAME Dancer::Plugin::Bcrypt - Bcrypt interface for Dancer VERSION version 0.4.0 DESCRIPTION PLEASE NOTE THAT WHILE THIS MODULE WORKS, IT IS DEPRECATED, AND NO LONGER MAINTAINED. I suggest you use the more flexible replacement L<Dancer::Plugin::Passphrase> - It has all the same functionality as the module, and also allows you to match against other hashing algorithms as well as brcypt. Original documentation continues below... This plugin is a simple interface to the bcrypt algorithm allowing web apps created by dancer to easily store passwords in a secure way. It generates a crypographically strong salt for each password, uses the very strong bcrypts algorithm to hash the password - and does these in a configurable and portable manner. BACKGROUND See http://codahale.com/how-to-safely-store-a-password/ To safely store passwords in the modern era, you should use bcrypt. It's that simple MD5, SHA and their ilk are general purpose hash functions, designed for speed. An average server can calculate the MD5 hash of every 6 character, alphanumeric password in about 40 seconds. The beefiest boxen can do the same in ONE second Bcrypt is an adaptive password hashing algorithm. It uses a work factor to determine how SLOWLY it hashes a password. This work factor can be increased to keep up with the ever increasing power of computers. KEYWORDS bcrypt The only keyword provided by this plugin. Pass it a plaintext password, and it will return a string suitable for storage, using the settings specified in the app config. This string contains the bcrypted hash, work factor used, and the salt used to generate the hash, delimited by a $. my $hash = bcrypt($plaintext); Pass a plaintext password and a stored bcrypted string, it will return a hash of the plaintext password using the work factor and salt from the stored hash. You would use this to verify that a password provided by a user matches the hash you have stored in the database. my $hash = bcrypt($plaintext, $stored_hash); USAGE package MyWebService; use Dancer; use Dancer::Plugin::Bcrypt; get '/' sub => { # Generate a new hashed password - suitable for storing in a DB. my $hash = bcrypt( param('password') ); # [...] # Validate password provided by user against stored hash. my $stored_hash = ''; # [...] retreive password from the DB. my $hash = bcrypt(param('password'), $stored_hash); if ($hash == $stored_hash) { # Password matched! } }; CONFIGURATION You can set the work factor and the random-ness of the salt in your config.yml plugins: bcrypt: work_factor: 8 random_factor: strong SEE ALSO http://perldancer.org/ http://codahale.com/how-to-safely-store-a-password http://search.cpan.org/dist/Crypt-Random-Source/ http://search.cpan.org/dist/Crypt-Eksblowfish/ AUTHOR James Aitken <[email protected]> COPYRIGHT AND LICENSE This software is copyright (c) 2011 by James Aitken. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.