http://qs321.pair.com?node_id=11114580


in reply to RFC / Audit: Mojo Login Example

I have not played with the code though I should. I wonder why PBKDF2 instead of Bcrypt. Even with all the time passed making the latter the ageing technology… it’s never been broken—which is a better and better sign with an older algorithm—and with standard hardware it’s still harder to brute force.

This kind of thing is deviously difficult to do simply, correctly, and cleanly so I really appreciate you putting an implementation forward.

Re^2: RFC / Audit: Mojo Login Example
by haukex (Archbishop) on Mar 25, 2020 at 06:53 UTC
    I wonder why PBKDF2 instead of Bcrypt.

    Just a recommendation I found while researching, but yes, there are quite a few alternatives (for example, some databases have this kind of functionality built in, e.g. pgcrypto). My main intent was to show that this kind of thing is necessary in general.

    This kind of thing is deviously difficult to do simply, correctly, and cleanly

    Yes, I'm definitely feeling that - so many different guides and recommendations that it's hard to keep track of what's current, reasonable, etc.