PerlMonks

How is Catalyst storing my password salts??
by falseazure (Acolyte) on Feb 01, 2011 at 06:16 UTC ( [id://885412]=perlquestion )
falseazure has asked for the wisdom of the Perl Monks concerning the following question:

Greetings, Monks!

I'm using Catalyst::Plugin::Authentication to salt my users' passwords with a 10-digit salt, then hash them with SHA-256. From what I understand, this means 10 extra characters are appended to the end of each user-entered password and then the password+salt string is run through the SHA-256 digest, and the output of that is stored in the database password field.

It works, but I don't get how. After reading a bunch of docs (Catalyst::Manual::Tutorial::05_Authentication, Catalyst::Plugin::Authentication, DBIx::Class::EncodedColumn, DBIx::Class::EncodedColumn::Digest) I still can't figure out how the hashes in the database are correctly reproduced when a user re-enters their password later. Because where are the salts stored? Or how are they regenerated? Or am I not getting something fundamental about how salting/hashing works?

Thanks!
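An added example, not part of the original post and not code from Catalyst or DBIx::Class: one common way a salted-hash column like the one described above can be reproduced at login is to store the salt in clear in the same field, appended to the digest, and read it back when checking. The function names, the salt alphabet and the use of `/dev/urandom` are assumptions; the 10-character salt and SHA-256 come from the question.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $SALT_LEN   = 10;   # salt length from the question
my $DIGEST_LEN = 64;   # SHA-256 rendered as hex characters

# Draw $SALT_LEN characters from the OS random source (assumes /dev/urandom).
sub new_salt {
    my @alphabet = ('a'..'z', 'A'..'Z', '0'..'9');   # 62 chars, assumed alphabet
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    my $salt = '';
    while (length($salt) < $SALT_LEN) {
        read($fh, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        next if $n >= 248;            # 248 = 4*62, reject to avoid modulo bias
        $salt .= $alphabet[$n % 62];
    }
    close $fh;
    return $salt;
}

# Value for the password column: hex digest followed by the salt in clear.
sub encode_password {
    my ($plain, $salt) = @_;
    $salt = new_salt() unless defined $salt;
    return sha256_hex($plain . $salt) . $salt;
}

# Recover the salt from the stored value, re-hash the candidate, compare.
sub check_password {
    my ($candidate, $stored) = @_;
    return 0 unless defined $stored && length($stored) == $DIGEST_LEN + $SALT_LEN;
    my $salt   = substr($stored, $DIGEST_LEN);
    my $expect = encode_password($candidate, $salt);
    my $diff = 0;                      # compare every character, no early exit
    $diff |= ord(substr($expect, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

my $stored = encode_password('correct horse');        # constructed sample password
printf "stored (%d chars): %s\n", length $stored, $stored;
print "right password: ", check_password('correct horse', $stored), "\n";
print "wrong password: ", check_password('Correct horse', $stored), "\n";
print "same password, new salt differs: ",
    (encode_password('correct horse') ne $stored ? 1 : 0), "\n";
```

The salt is not a secret in this scheme: its job is to make two users with the same password get different stored values, so keeping it next to the digest loses nothing.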