Re: Adjust bcrypt cost to prevent future password hash attacks

by ikegami (Pope)
on Jun 12, 2012 at 20:57 UTC


in reply to Adjust bcrypt cost to prevent future password hash attacks

Just store the cost along with the salt and the hash.

Have the user change his password the next time he logs in after you increase the cost.

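    # COST, hash(), _get_random_salt(), _get_passwd() and _set_passwd()
    # are supplied by the surrounding application.

    sub set_passwd {
        my ($user, $passwd) = @_;
        my $cost = COST;
        my $salt = _get_random_salt();
        # Store the hash, never the plaintext, next to its cost and salt.
        my $hash = hash($passwd, $salt, $cost);
        _set_passwd($user, "$cost:$salt:$hash");
    }

    sub check_passwd {
        my ($user, $submitted_passwd) = @_;
        my ($cost, $salt, $passwd) = split /:/, _get_passwd($user);
        # Re-hash with the stored cost and salt; true when the hashes match.
        return hash($submitted_passwd, $salt, $cost) eq $passwd;
    }

    sub is_passwd_expired {
        my ($user) = @_;
        my ($cost, $salt, $passwd) = split /:/, _get_passwd($user);
        # Expired when the record was hashed at a cost other than the current one.
        return $cost != COST;
    }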
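The same three functions against a real bcrypt implementation, as an added example that is not part of the original post. It assumes the CPAN module Crypt::Eksblowfish::Bcrypt, a readable /dev/urandom, a COST of 12, and an in-memory %store standing in for the user table. bcrypt's output string already embeds the cost and salt, so nothing extra has to be stored.

```perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

use constant COST => 12;    # current work factor (assumed value); raise over time

my %store;                  # constructed in-memory stand-in for the user table

# 16 random octets from the OS CSPRNG, encoded in bcrypt's base64 alphabet.
sub _random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $octets, 16) == 16 or die "short read from urandom";
    return en_base64($octets);
}

# bcrypt output layout: $2a$<cost>$<22-char salt><31-char hash>
sub set_passwd {
    my ($user, $passwd) = @_;
    my $settings = sprintf '$2a$%02d$%s', COST, _random_salt();
    $store{$user} = bcrypt($passwd, $settings);
}

sub check_passwd {
    my ($user, $submitted) = @_;
    my $stored = $store{$user};
    return 0 unless defined $stored;
    # The stored string doubles as the settings, so its own cost and salt are reused.
    my $candidate = bcrypt($submitted, $stored);
    return 0 if length($candidate) != length($stored);
    my $diff = 0;    # compare without stopping at the first mismatching byte
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0;
}

# Missing or unparsable records count as expired.
sub is_passwd_expired {
    my ($user) = @_;
    my ($cost) = ($store{$user} // '') =~ /\A\$2a?\$(\d\d)\$/ or return 1;
    return $cost != COST;
}

# Constructed demo: a hash created at cost 8 is flagged once COST is 12.
$store{alice} = bcrypt('correct horse', '$2a$08$' . _random_salt());
print "login ok\n"           if check_passwd('alice', 'correct horse');
print "needs new password\n" if is_passwd_expired('alice');
set_passwd('alice', 'correct horse');
print "up to date\n"         unless is_passwd_expired('alice');
```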