On Tue, Dec 11, 2012 at 6:10 AM, David Precious <[email protected]> wrote: > The reason I used Crypt::SaltedHash there is it's good at working out > what hashing scheme is in use and just doing the right thing. If it's > at all difficult to configure or understand, users might decide not to > use it and just use plain text passwords instead; whilst I think they > should have that choice, I think it should be seriously discouraged :)
At the risk of inflicting dependencies on people, I suggest looking at Authen::Passphrase for dealing with various ways to hash passwords. In particular, using Authen::Passphrase::BlowfishCrypt would be a sensible default scheme as long as the work factor is decently high (12+). David -- David Golden <[email protected]> Take back your inbox! → http://www.bunchmail.com/ Twitter/IRC: @xdg _______________________________________________ dancer-users mailing list [email protected] http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
