Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: RFC / Audit: Mojo Login Example

by Your Mother (Archbishop)
on Mar 23, 2020 at 21:00 UTC ( #11114580=note: print w/replies, xml ) Need Help??


in reply to RFC / Audit: Mojo Login Example

I have not played with the code though I should. I wonder why PBKDF2 instead of Bcrypt. Even with all the time passed making the latter the ageing technology… it’s never been broken—which is a better and better sign with an older algorithm—and with standard hardware it’s still harder to brute force.

This kind of thing is deviously difficult to do simply, correctly, and cleanly so I really appreciate you putting an implementation forward.

Replies are listed 'Best First'.
Re^2: RFC / Audit: Mojo Login Example
by haukex (Bishop) on Mar 25, 2020 at 06:53 UTC
    I wonder why PBKDF2 instead of Bcrypt.

    Just a recommendation I found while researching, but yes, there are quite a few alternatives (for example, some databases have this kind of functionality built in, e.g. pgcrypto). My main intent was to show that this kind of thing is necessary in general.

    This kind of thing is deviously difficult to do simply, correctly, and cleanly

    Yes, I'm definitely feeling that - so many different guides and recommendations that it's hard to keep track of what's current, reasonable, etc.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11114580]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (5)
As of 2021-12-01 13:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    R or B?



    Results (10 votes). Check out past polls.

    Notices?