On Thu, Dec 13, 2012 at 11:47 AM, Henk van Oers <hvo.pm@xs4all.nl> wrote:
>> In particular, using Authen::Passphrase::BlowfishCrypt would be a sensible default scheme as long as the work factor is decently high (12+).
>
> Or maybe Crypt::Eksblowfish like Dancer::Plugin::Passphrase ?

Authen::Passphrase uses Crypt::Eksblowfish and they are both written by zefram. The advantage of Authen::Passphrase is that it handles multiple schemes in one API (and manages entropy generation).

I wasn't debating bcrypt vs sha in general (you can google for that :-), merely saying that Authen::Passphrase would be a way to give people a lot of choice without needing a lot of work if David wanted to open it up to something other than Crypt::SaltedHash.

David

--
David Golden <xdg@xdg.me>
Take back your inbox! → http://www.bunchmail.com/
Twitter/IRC: @xdg
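
An added example, not part of the original message or of either module's own code: one Authen::Passphrase entry point verifying both a bcrypt record (work factor 12, module-generated salt) and a salted SHA-1 record, and re-hashing the weaker one after a successful login. The helper names `hash_new` and `check`, the `$MIN_COST` variable, and the sample users and passphrases are constructed for illustration.

```perl
use strict;
use warnings;
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
use Authen::Passphrase::SaltedDigest;

my $MIN_COST = 12;    # work factor floor suggested in the thread

# Hash a new passphrase with bcrypt; salt_random => 1 lets the module
# draw the salt itself, so the caller never handles entropy.
sub hash_new {
    my ($passphrase) = @_;
    return Authen::Passphrase::BlowfishCrypt->new(
        cost        => $MIN_COST,
        salt_random => 1,
        passphrase  => $passphrase,
    )->as_rfc2307;    # e.g. "{CRYPT}$2a$12$..."
}

# Verify a candidate against whatever scheme the stored string names.
# Returns (matched, needs_rehash).
sub check {
    my ($stored, $candidate) = @_;
    my $ppr = Authen::Passphrase->from_rfc2307($stored);   # dispatches on scheme
    return (0, 0) unless $ppr->match($candidate);
    my $weak = !$ppr->isa('Authen::Passphrase::BlowfishCrypt')
            || $ppr->cost < $MIN_COST;
    return (1, $weak ? 1 : 0);
}

# Constructed sample records: one bcrypt, one salted SHA-1 ({SSHA}).
my %db = (
    alice => hash_new('correct horse'),
    bob   => Authen::Passphrase::SaltedDigest->new(
                 algorithm   => 'SHA-1',
                 salt_random => 20,
                 passphrase  => 'hunter2',
             )->as_rfc2307,
);

for my $try (['alice', 'correct horse'], ['bob', 'wrong'], ['bob', 'hunter2']) {
    my ($user, $pass) = @$try;
    my ($ok, $rehash) = check($db{$user}, $pass);
    # Upgrade only after a successful match, while the plaintext is in hand.
    $db{$user} = hash_new($pass) if $ok && $rehash;
    my ($scheme) = $db{$user} =~ /^(\{\w+\})/;
    printf "%-5s ok=%d rehashed=%d stored as %s\n", $user, $ok, $rehash, $scheme;
}
```

After the last iteration bob's record is stored under `{CRYPT}` with a `$2a$12$` prefix instead of `{SSHA}`, which is the migration path a single multi-scheme API makes possible.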