NAME

Password::OWASP - OWASP recommendations for password storage in perl

VERSION

version 0.004

SYNOPSIS

package MyApp::Authentication;

use Password::OWASP::Scrypt; # or Bcrypt or Argon2

my $user = get_from_db();

my $owasp = Password::OWASP::Scrypt->new(

    # optional
    hashing => 'sha512',

    # Optional
    update_method => sub {
        my ($password) = @_;
        $user->update_password($password);
        return;
    },
);

DESCRIPTION

This module tries to implement OWASP password recommendations for safe storage in Perl. In short OWASP recommends the following:

• Don't limit password length or characters

• Hash the password before you crypt them

• Use either Argon2, PBKDF2, Scrypt or Bcrypt

This module currently supports Argon2, Scrypt and Bcrypt. All implementations hash the password first with SHA-512. SHA-256 and SHA-1 are also supported. This allows for storing password which are longer that 72 characters.

The check_password method allows for weaker schemes as the module also allows for inplace updates on these passwords. Please note that clear text passwords need to be prepended with {CLEARTEXT} in order for Authen::Passphrase to do its work.

SEE ALSO

• Password::OWASP::Argon2

• Password::OWASP::Scrypt

• Password::OWASP::Bcrypt

• OWASP cheatsheet for password storage

• OWASP cheatsheet for authentication storage

• Authen::Passphrase

• Authen::Passphrase::Argon2

• Authen::Passphrase::Scrypt

• Authen::Passphrase::BlowfishCrypt

AUTHOR

Wesley Schwengle <waterkip@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2019 by Wesley Schwengle.

This is free software, licensed under:

The (three-clause) BSD License