
blib/lib/Password/OWASP.pm


use strict;
use warnings;

# NOTE(review): this transcription reproduces only the statements whose text
# is visible; the original file has a statement at source line 3 that is not
# shown here — confirm against the distribution.
our $VERSION = '0.003';

# ABSTRACT: OWASP recommendations for password storage in perl

1;    # a module must return a true value when required
9              
10              
11             =pod
12              
13             =encoding UTF-8
14              
15             =head1 NAME
16              
17             Password::OWASP - OWASP recommendations for password storage in perl
18              
19             =head1 VERSION
20              
21             version 0.003
22              
23             =head1 SYNOPSIS
24              
25             package MyApp::Authentication;
26              
27             use Password::OWASP::Scrypt; # or Bcrypt or Argon2
28              
29             my $user = get_from_db();
30              
31             my $owasp = Password::OWASP::Scrypt->new(
32              
33             # optional
34             hashing => 'sha512',
35              
36             # Optional
37             update_method => sub {
38             my ($password) = @_;
39             $user->update_password($password);
40             return;
41             },
42             );
43              
44             =head1 DESCRIPTION
45              
46             This module tries to implement L<OWASP|https://owasp.org> password
47             recommendations for safe storage in Perl. In short, OWASP recommends the
48             following:
49              
50             =over
51              
52             =item * Don't limit password length or characters
53              
54             =item * Hash the password before you crypt it
55              
56             =item * Use either Argon2, PBKDF2, Scrypt or Bcrypt
57              
58             =back
59              
60             This module currently supports Argon2, Scrypt and Bcrypt. All implementations
61             hash the password first with SHA-512. SHA-256 and SHA-1 are also supported.
62             This allows for storing passwords which are longer than 72 characters (the input limit of bcrypt).
63              
64             The check_password method accepts weaker schemes, as the module also allows
65             for in-place updates of these passwords. Please note that clear text passwords
66             need to be prefixed with C<{CLEARTEXT}> in order for L<Authen::Passphrase> to
67             do its work.
68              
69             =head1 SEE ALSO
70              
71             =over
72              
73             =item * L<Password::OWASP::Argon2>
74              
75             =item * L<Password::OWASP::Scrypt>
76              
77             =item * L<Password::OWASP::Bcrypt>
78              
79             =item * L<OWASP cheatsheet for password storage|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md>
80              
81             =item * L<OWASP cheatsheet for authentication|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>
82              
83             =item * L<Authen::Passphrase>
84              
85             =item * L<Authen::Passphrase::Argon2>
86              
87             =item * L<Authen::Passphrase::Scrypt>
88              
89             =item * L<Authen::Passphrase::BlowfishCrypt>
90              
91             =back
92              
93             =head1 AUTHOR
94              
95             Wesley Schwengle <waterkip@cpan.org>
96              
97             =head1 COPYRIGHT AND LICENSE
98              
99             This software is Copyright (c) 2019 by Wesley Schwengle.
100              
101             This is free software, licensed under:
102              
103             The (three-clause) BSD License
104              
105             =cut