On Thu, 13 Dec 2012, David Golden wrote:
On Tue, Dec 11, 2012 at 6:10 AM, David Precious <[email protected]> wrote:
The reason I used Crypt::SaltedHash there is it's good at working out
what hashing scheme is in use and just doing the right thing. If it's
at all difficult to configure or understand, users might decide not to
use it and just use plain text passwords instead; whilst I think they
should have that choice, I think it should be seriously discouraged :)
At the risk of inflicting dependencies on people, I suggest looking at
Authen::Passphrase for dealing with various ways to hash passwords.
In particular, using Authen::Passphrase::BlowfishCrypt would be a
sensible default scheme as long as the work factor is decently high
(12+).
Or maybe Crypt::Eksblowfish like Dancer::Plugin::Passphrase ?
--
Henk
_______________________________________________
dancer-users mailing list
[email protected]
http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
