On Thu, 13 Dec 2012, David Golden wrote:
> On Tue, Dec 11, 2012 at 6:10 AM, David Precious <davidp@preshweb.co.uk> wrote:
>> The reason I used Crypt::SaltedHash there is it's good at working out what hashing scheme is in use and just doing the right thing. If it's at all difficult to configure or understand, users might decide not to use it and just use plain text passwords instead; whilst I think they should have that choice, I think it should be seriously discouraged :)
>
> At the risk of inflicting dependencies on people, I suggest looking at Authen::Passphrase for dealing with various ways to hash passwords.
>
> In particular, using Authen::Passphrase::BlowfishCrypt would be a sensible default scheme as long as the work factor is decently high (12+).

Or maybe Crypt::Eksblowfish like Dancer::Plugin::Passphrase?

-- Henk
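
An added example, not code from any poster in this thread or from the plugins they mention: a sketch of the Authen::Passphrase suggestion above, which detects the stored scheme from its RFC 2307 prefix and re-hashes to bcrypt at cost 12 on a successful login. The helper names `hash_password` and `check_password`, the `$MIN_COST` variable and the sample password are assumptions made for illustration.

```perl
use strict;
use warnings;
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
use Authen::Passphrase::SaltedDigest;

my $MIN_COST = 12;    # work factor floor suggested in the thread

# Hypothetical helper: hash a password with bcrypt and return a
# self-describing RFC 2307 string ("{CRYPT}$2a$12$...").
sub hash_password {
    my ($password) = @_;
    return Authen::Passphrase::BlowfishCrypt->new(
        cost        => $MIN_COST,
        salt_random => 1,
        passphrase  => $password,
    )->as_rfc2307;
}

# Hypothetical helper: verify against whatever scheme the stored string
# names. Returns (ok, replacement); replacement is a fresh bcrypt hash
# when the stored one is not bcrypt or its cost is below the floor.
sub check_password {
    my ($stored, $password) = @_;

    # from_rfc2307 croaks on unknown or malformed schemes: fail closed.
    my $ppr = eval { Authen::Passphrase->from_rfc2307($stored) };
    return (0, undef) unless $ppr && $ppr->match($password);

    my $strong = $ppr->isa('Authen::Passphrase::BlowfishCrypt')
        && $ppr->cost >= $MIN_COST;
    return (1, $strong ? undef : hash_password($password));
}

# Constructed sample record: a legacy salted SHA-1 ({SSHA}) entry.
my $legacy = Authen::Passphrase::SaltedDigest->new(
    algorithm   => 'SHA-1',
    salt_random => 20,
    passphrase  => 'correct horse',
)->as_rfc2307;

my ($ok, $upgraded) = check_password($legacy, 'correct horse');
print "legacy login: ok=$ok, replace stored hash with: $upgraded\n";

# The upgraded record verifies and needs no further re-hash.
my ($ok2, $again) = check_password($upgraded, 'correct horse');
print "bcrypt login: ok=$ok2, rehash needed: ", (defined $again ? 'yes' : 'no'), "\n";

my ($bad) = check_password($upgraded, 'wrong guess');
print "wrong password: ok=$bad\n";
```

The caller is expected to write the replacement hash back to the user record only after `check_password` has returned success for that login.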