On 11 Jul 2011, at 15:59, Pavel Karoukin wrote:

> Hello,
> 
> Right now I am using SHA hashed passwords in my Catalyst application 
> (https://github.com/hippich/Bitcoin-Poker-Room). While SHA is better than 
> MD5, I still want to migrate to Bcrypt. 
> 
> I have two questions:
> 
> 1) Catalyst::Authentication::Credential::Password seems to not support Bcrypt 
> since it relies on Digest and Digest do not have Bcrypt as an option. Should 
> I use DBIx::Class::EncodedColumn with Crypt::Eksblowfish::Bcrypt ?

I think you could locally patch Catalyst::Authentication::Credential::Password 
and/or submit an upstream patch to handle bcrypt hashing as
another password_type a bit like 'salted_hash'.

> 
> 2) How I should update my application to have first check against new hashing 
> algorithm and if password returns incorrect, try old one (SHA)? Should I do 
> it through realms, or just check password in my authentication controller 
> directly instead?

I'd define two realms in your configuration for each password type and then 
attempt authentication against both realms.

- Mark
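As an added illustration of the controller-level fallback asked about in question 2 (not code from Bitcoin-Poker-Room or from Mark's reply): verify against bcrypt when the stored value is already a bcrypt string, otherwise against the legacy digest, and on a legacy match hand back a fresh bcrypt hash for the caller to store, so each successful login migrates one account. It assumes the old scheme is unsalted hex SHA-1, that /dev/urandom is available, and the function names are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

my $COST = 10;   # bcrypt work factor; raise it as hardware allows

# Constant-time string comparison so the check does not leak where digests differ.
sub _eq {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Build a new bcrypt hash; the 16-byte salt comes from /dev/urandom (assumed present).
sub bcrypt_hash_password {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $raw, 16);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    my $settings = sprintf('$2a$%02d$%s', $COST, en_base64($raw));
    return bcrypt($password, $settings);   # "$2a$10$<22 salt chars><31 hash chars>"
}

# Returns (ok, new_hash): ok is true when the password matches; new_hash is set
# only when the row held a legacy SHA-1 hex digest and should now be replaced.
sub check_and_migrate {
    my ($stored, $password) = @_;
    if ($stored =~ /^\$2a\$/) {
        # Already bcrypt: recompute with the cost and salt embedded in the stored hash.
        return (_eq(bcrypt($password, $stored), $stored), undef);
    }
    # Legacy path: unsalted hex SHA-1 is an assumption about the old scheme.
    return (0, undef) unless _eq(sha1_hex($password), $stored);
    return (1, bcrypt_hash_password($password));
}

# Constructed sample flow: a legacy row, then one successful login upgrades it.
my $row_hash = sha1_hex('correct horse battery');
my ($ok, $upgrade) = check_and_migrate($row_hash, 'correct horse battery');
$row_hash = $upgrade if $ok && defined $upgrade;   # persist the bcrypt hash here
($ok) = check_and_migrate($row_hash, 'correct horse battery');
print $ok ? "bcrypt login ok\n" : "bcrypt login failed\n";
```

Once every row starts with `$2a$` the legacy branch can be deleted, which is the same end state the two-realm approach reaches.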


_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
