NAME
Crypt::Passphrase - A module for managing passwords in a cryptographically agile manner
VERSION
version 0.020
SYNOPSIS
my $authenticator = Crypt::Passphrase->new(
encoder => 'Argon2',
validators => [ 'Bcrypt', 'SHA1::Hex' ],
);
my ($hash) = $dbh->selectrow_array("SELECT password_hash FROM users WHERE name = ?", {}, $user);
if (!$authenticator->verify_password($password, $hash)) {
die "Invalid password";
}
elsif ($authenticator->needs_rehash($hash)) {
my $new_hash = $authenticator->hash_password($password);
$dbh->do("UPDATE users SET password_hash = ? WHERE name = ?", {}, $new_hash, $user);
}
DESCRIPTION
This module manages the passwords in a cryptographically agile manner. Following Postel's principle, it allows you to define a single scheme that will be used for new passwords, but several schemes to check passwords with. It will be able to tell you if you should rehash your password, not only because the scheme is outdated, but also because the desired parameters have changed.
Note that this module doesn't depend on any backend, your application will have to depend on one or more of the backends listed under "SEE ALSO"
METHODS
new
Crypt::Passphrase->new(%args
encoder => 'Bcrypt',
validators => [ 'SHA1::Hex' ],
)
This creates a new Crypt::Passphrase
object. It takes three named arguments:
encoder
A
Crypt::Passphrase
object has a single encoder. This can be passed in three different ways:A simple string
The name of the encoder class. If the value starts with a
+
, the+
will be removed and the remainder will be taken as a fully-qualified package name. Otherwise,Crypt::Passphrase::
will be prepended to the value.The class will be loaded, and constructed without arguments.
A hash
The
module
entry will be used to load a new Crypt::Passphrase module as described above, the other arguments will be passed to the constructor. This is the recommended option, as it gives you full control over the password parameters.A Crypt::Passphrase::Encoder object
This will be used as-is.
This argument is mandatory.
validators
This is a list of additional validators for passwords. These values can each either be the same an encoder value, except that the last entry may also be a coderef that takes the password and the hash as its arguments and returns a boolean value.
This argument is optional and defaults to an empty list. The encoder is always considered as a validator and thus doesn't need to be specified.
normalization
This sets the unicode normalization form used for the password. Valid values are
'C'
(composed; the the default),'D'
(decomposed),'KC'
(legacy composed) and'KD'
(legacy decomposed). You should probably not change this unless it's necessary for compatibility with something else, you should definitely not change this on an existing database as that will break passwords affected by normalization.
hash_password
$passphrase->hash_password($password)
This will hash a $password
with the encoder cipher, and return it (in crypt format). This will generally use a salt, and as such will return a different value each time even when called with the same password.
verify_password
$passphrase->verify_password($password, $hash)
This will check a $password
satisfies a certain $hash
and returns success or not. It will always return false if $hash
isn't defined.
needs_rehash
$passphrase->needs_rehash($hash)
This will check if a hash needs to be rehashed, either because it's in the wrong cipher or because the parameters are insufficient.
Calling this only ever makes sense after a password has been verified.
recode_hash
$passphrase->recode_hash($hash)
This recodes a hash if needed. This is mainly relevant when upgrading to a new pepper, but can also be relevant when a cipher has multiple known encodings (e.g. scrypt). It will return the hash unmodified otherwise.
curry_with_hash
$passphrase->curry_with_hash($hash)
This creates a Crypt::Passphrase::PassphraseHash
object for the hash, effectively currying Crypt::Passphrase
with that hash. This can be useful for plugging Crypt::Passphrase
into some frameworks (e.g. ORMs) that require a singular object to contain everything you need to match passwords against.
TIPS AND TRICKS
Custom configurations
While encoders generally allow for a default configuration, I would strongly encourage anyone to research what settings work for your application. It is generally a trade-off between usability/resources and security.
If your application is deployed by different people than it's developed by it may be helpful to have the configuration for Crypt::Passphrase
part of your application configuration file and not be hardcoded so that your users can choose the right settings for them.
Unicode
Crypt::Passphrase
considers passwords to be text, and as such you should ensure any password input is decoded if it contains any non-ascii characters. Crypt::Passphrase
will take care of both normalizing and encoding such input.
DOS attacks
Hashing passwords is by its nature a heavy operations. It can be abused by malignant actors who want to try to DOS your application. It may be wise to do some form of DOS protection such as a proof-of-work scheme or a captcha.
Levels of security
In some situations, it may be appropriate to have different password settings for different users (e.g. set them more strict for administrators than for ordinary users).
SEE ALSO
Encoders
The following encoders are currently available on CPAN:
-
This is a state-of-the-art memory-hard password hashing algorithm, recommended for higher-end parameters. Winner of the Password Hash Competition of 2015.
-
And older but still safe password hashing algorithm, recommended for lower-end parameters or if you need to be compatible with BSD system passwords.
-
Another state-of-the-art memory-hard password hashing algorithm. Finalist of the Password Hash Competition of 2015 and used in some recent Linux distributions for user passwords.
Crypt::Passphrase::Argon2::AES
A peppering implementation that AES encrypts an argon2 hash. Recommended when wanting to pepper with argon2 as it allows offline repeppering and offers strong cryptographic guarantees.
Crypt::Passphrase::Argon2::HSM
A peppering implementation like above, except it uses a PKCS11 Hardware Security Module instead of encrypting locally for additional information security. Supported algorithms will depend on your HSM.
Crypt::Passphrase::Bcrypt::AES
A peppering implementation that AES encrypts a bcrypt hash. Recommended when wanting to pepper with bcrypt as it allows offline repeppering and offers strong cryptographic guarantees.
-
A FIPS-standardized hashing algorithm. Only recommended when FIPS-compliance is required.
-
An implementation of SHA-512, SHA256 and MD5 based
crypt()
. Recommended if you need to be compatible with standard Linux system passwords. -
A first-generation memory-hard algorithm, if you want a memory-hard algorithm something more recent like argon2 or yescrypt is recommended instead.
-
Your system's
crypt
implementation. Support for various algorithms varies between platforms and platform versions, and while on some platforms it's a decent backend one should not rely on this for a portable result. This is mainly useful if you can't depend on XS module being available and is provided in this distribution. Crypt::Passphrase::Pepper::Simple
A meta-encoder that adds peppering to your passwords by pre-hashing the inputs. Recommended only when wanting to pepper with hashes other than argon2 or bcrypt as it can be combined with any encoder. It is provided in this distribution.
Validators
Additionally, the following validators are supported
-
A validator for hex encoded unsalted SHA1. It is provided in this distribution.
Crypt::Passphrase::SHA1::Base64
A validator for base64 encoded unsalted SHA1. It is provided in this distribution.
-
A validator for hex encoded unsalted MD5. It is provided in this distribution.
Crypt::Passphrase::MD5::Base64
A validator for base64 encoded unsalted MD5. It is provided in this distribution.
Crypt::Passphrase::Bcrypt::Compat
This is an alternative validator for bcrypt that exists because Crypt::Eksblowfish::Bcrypt can produce
$2$
type hashes that aren't supported by modern bcrypt implementations when in some configurations (whenkey_nul
is false). This should only be used if you have such hashes.
Integrations
A number of integrations of Crypt::Passphrase exist:
-
This will automatically inflate a password column to a Crypt::Passphrase::PassphraseHash object, and optionally add several helpful methods to the row object.
Mojolicious::Plugin::Passphrase
This integrates Crypt::Passphrase into the Mojolicious web framework.
Dancer2::Plugin::CryptPassphrase
This integrates Crypt::Passphrase into the Dancer2 web framework.
AUTHOR
Leon Timmermans <fawaka@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2021 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.