http://www.perlmonks.org?node_id=903995


in reply to How to use salt with CGI::Application::Plugin::Authentication

I've never seen anyone store salts in a separate table - that's pretty weird. The salt is normally appended to the password, and the two stored together in the same table column.

So, what you would normally see looks more like this:

    __PACKAGE__->authen->config(
        DRIVER => [
            'DBI',
            DBH         => $dbh,    # provide your own DBI handle
            TABLE       => 'user',
            CONSTRAINTS => { 'user.name' => '__CREDENTIAL_1__' },
            # 'crypt:' prefix: the password column holds a crypt()ed value
            COLUMNS     => { 'crypt:password' => '__CREDENTIAL_2__' },
        ],
    );

Note that there's only one table, so there's no need for a join, but since the password is encoded, you need a 'COLUMNS' field.

But what you really want is MD5 encryption. To do that, you need to write a custom filter using Crypt::PasswdMD5, call it cryptmd5, then use it like this:

    __PACKAGE__->authen->config(
        DRIVER => [
            'DBI',
            DBH         => $dbh,    # provide your own DBI handle
            TABLE       => 'user',
            CONSTRAINTS => { 'user.name' => '__CREDENTIAL_1__' },
            # 'cryptmd5:' prefix: run the custom filter registered below
            COLUMNS     => { 'cryptmd5:password' => '__CREDENTIAL_2__' },
            FILTERS     => { cryptmd5 => \&cryptmd5_filter },
        ],
    );

Implement cryptmd5_filter just like crypt_filter (see the CGI::Application::Plugin::Authentication::Driver::Filter::crypt source), only replace crypt() with unix_md5_crypt(). I think that will do what you want.
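
The point made in the post above, that the salt is stored in the same column as the hash, shown as an added example (not part of the original post and not the plugin's own code). `make_salt`, `hash_password` and `check_password` are hypothetical helper names and the passwords are constructed samples; the plugin's filter callback signature is not shown on this page, so the helpers are not wired into `FILTERS` here.

```perl
use strict;
use warnings;
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Hypothetical helper: 8 salt characters from the crypt alphabet,
# drawn from the OS random source so every account gets its own salt.
sub make_salt {
    my @chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');    # 64 symbols
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read $fh, my $bytes, 8;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 8;
    return join '', map { $chars[ ord($_) % 64 ] } split //, $bytes;
}

# Hypothetical helper: the value to store in the single password column.
# The result has the form $1$<salt>$<digest>, so the salt is saved with it.
sub hash_password {
    my ($plain) = @_;
    return unix_md5_crypt($plain, make_salt());
}

# Hypothetical helper: unix_md5_crypt() strips the $1$ prefix and reads the
# salt up to the next '$', so the stored value itself can be passed as salt.
sub check_password {
    my ($plain, $stored) = @_;
    return unix_md5_crypt($plain, $stored) eq $stored ? 1 : 0;
}

# Constructed sample: two accounts that happen to share a password.
my $alice = hash_password('correct horse');
my $bob   = hash_password('correct horse');

print "alice: $alice\n";
print "bob:   $bob\n";
print "stored values differ: ", ($alice ne $bob ? 'yes' : 'no'), "\n";
print "right password: ", check_password('correct horse', $alice), "\n";
print "wrong password: ", check_password('wrong guess',   $alice), "\n";
```

Each account gets a different salt, yet verification needs only the one stored string, which is why no second table or join is involved.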

Re^2: How to use salt with CGI::Application::Plugin::Authentication
by Anonymous Monk on May 11, 2011 at 23:36 UTC
    I want to use a different salt for each account. The salt *is* eventually appended to the password but stored separately. Storing them in a different table instead of a different column was just an added (perhaps unnecessary) security step.

    Thanks for your suggestion. I have been trying it out. The 'Columns' has been added but as of yet, I haven't been able to get the sub cryptmd5_filter working.