Act icon indicating copy to clipboard operation
Act copied to clipboard

Published 20 hours ago verified publisher icon book

Password rehash

Open alexm opened this issue 9 years ago • 4 comments

Add a new feature that will rehash passwords with salt using EKS Blowfish when a user changes their password. It maintains backwards compatibility with current password digest and it supports other crypt(3) digests too.

alexm avatar Oct 03 '15 14:10 alexm

FWIW I already tested Crypt::Eksblowfish::Bcrypt in spectre and it works fine with cost 10. Find the tests in ~alexm/src.

alexm avatar Oct 03 '15 14:10 alexm

  • Has anybody had the chance to take a look at these changes?
  • What do you think about them?
  • Is there any concern for merging them into production?

alexm avatar Nov 13 '15 20:11 alexm

It's somewhat terrifying to me that this hasn't been merged, or something like it. 2019 is way too late to be using MD5. I mean, I'd have implemented it with Authen::Passphrase, but I guess that has more dependencies.

labster avatar Jul 06 '19 23:07 labster

If someone fixes the conflicts, I'll agree to review it. Although, like @labster, I'm much more in favour of using Authen-Passphrase than Crypt::Eksblowfish::Bcrypt.

eseyman avatar Jul 11 '19 19:07 eseyman