On Thu, Dec 13, 2012 at 11:47 AM, Henk van Oers <[email protected]> wrote: >> In particular, using Authen::Passphrase::BlowfishCrypt would be a >> sensible default scheme as long as the work factor is decently high >> (12+). > > Or maybe Crypt::Eksblowfish like Dancer::Plugin::Passphrase ?
Authen::Passphrase uses Crypt::Eksblowfish and they are both by written by zefram. The advantage of Authen::Passphrass is that it handles multiple schemes in one API (and manages entropy generation). I wasn't debating bcrypt vs sha in general (you can google for that :-), merely saying that Authen::Passphrase would be a way to give people a lot of choice without needing a lot of work if David wanted to open it up to something other than Crypt::SaltedHash. David -- David Golden <[email protected]> Take back your inbox! → http://www.bunchmail.com/ Twitter/IRC: @xdg _______________________________________________ dancer-users mailing list [email protected] http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
