NAME

Crypt::Yescrypt - A Perl interface to the yescrypt password hash

VERSION

version 0.004

DESCRIPTION

yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt. This implementation is able to compute native yescrypt hashes as well as classic scrypt.

Why yescrypt?

Like it or not, password authentication remains relevant (including as one of several authentication factors), password hash database leaks happen, the leaks are not always detected and fully dealt with right away, and even once they are many users' same or similar passwords reused elsewhere remain exposed. To mitigate these risks (as well as those present in other scenarios where password-based key derivation or password hashing is relevant), computationally expensive (bcrypt, PBKDF2, etc.) and more recently also memory-hard (scrypt, Argon2, etc.) password hashing schemes have been introduced. Unfortunately, at high target throughput and/or low target latency their memory usage is unreasonably low, up to the point where they're not obviously better than the much older bcrypt (considering attackers with pre-existing hardware). This is a primary drawback that yescrypt addresses.

Most notable for large-scale deployments is yescrypt's optional initialization and reuse of a large lookup table, typically occupying at least tens of gigabytes of RAM and essentially forming a site-specific ROM. This limits attackers' use of pre-existing hardware such as botnet nodes.

yescrypt's other changes from scrypt additionally slow down GPUs and to a lesser extent FPGAs and ASICs even when its memory usage is low and even when there's no ROM, and provide extra knobs and built-in features.

FUNCTIONS

yescrypt($password, $salt, $flags, $block_count, $block_size, $parallelism = 1, $time = 0, $upgrades = 0)

This function processes the $password with the given $salt and parameters. It encodes the resulting tag and the parameters as a password string (e.g. $y$j9T$SALT$HIA0o5.HmkE9HhZ4H8X1r0aRYrqdcv0IJEZ2PLpqpz6).

yescrypt_check($password, $hash)

This verifies that the $password matches $hash. All parameters and the tag value are extracted from $hash, so no further arguments are necessary.

yescrypt_needs_rehash($hash, $salt, $flags, $block_count, $block_size, $parallelism, $time, $upgrades)

This returns true if the yescrypt $hash uses a different parameters than the given parameters.

yescrypt_kdf($password, $salt, $output_size, $flags, $block_count, $block_size, $parallelism = 1, $time = 0, $upgrades = 0)

This function processes the $password with the given $salt and parameters. It returns only the hash, without parameters or encoding.

AUTHOR

Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install Crypt::Yescrypt, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Yescrypt

CPAN shell

perl -MCPAN -e shell
install Crypt::Yescrypt

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)