blib/lib/Password/OWASP.pm
use strict;
use warnings;

# Kept as a plain string so release tooling and version comparisons see the
# exact value documented in the POD VERSION section below.
our $VERSION = '0.005';

# ABSTRACT: OWASP recommendations for password storage in perl

# This file is the base namespace only; the concrete schemes live in the
# ::Scrypt, ::Bcrypt and ::Argon2 sub-modules listed under SEE ALSO.
1;

11             =pod
12              
13             =encoding UTF-8
14              
15             =head1 NAME
16              
17             Password::OWASP - OWASP recommendations for password storage in perl
18              
19             =head1 VERSION
20              
21             version 0.005
22              
23             =head1 SYNOPSIS
24              
    package MyApp::Authentication;

    use Password::OWASP::Scrypt; # or Bcrypt or Argon2

    my $user = get_from_db();

    my $owasp = Password::OWASP::Scrypt->new(

        # optional
        hashing => 'sha512',

        # Optional
        update_method => sub {
            my ($password) = @_;
            $user->update_password($password);
            return;
        },
    );
43              
44             =head1 DESCRIPTION
45              
46             This module tries to implement L<OWASP|https://owasp.org> password
47             recommendations for safe storage in Perl. In short OWASP recommends the
48             following:
49              
50             =over
51              
52             =item * Don't limit password length or characters
53              
=item * Hash the password before you crypt it (deprecated)
55              
56             =item * Use either Argon2, PBKDF2, Scrypt or Bcrypt
57              
58             =back
59              
This module currently supports Argon2, Scrypt and Bcrypt. All implementations
hash the password first with SHA-512; SHA-256 and SHA-1 are also supported.
This allows for storing passwords which are longer than 72 characters. OWASP now
recommends against this, so this module will move away from prehashing.
In order to allow for a transition the default will stay, but it will emit a
deprecation warning. You can now set C<none> as the hashing option; this will
become the new default.
67              
The check_password method accepts weaker (legacy) schemes, because the module
also supports in-place upgrades of these passwords. Please note that clear-text
passwords need to be prefixed with C<{CLEARTEXT}> in order for
L<Authen::Passphrase> to recognise them.
72              
73             =head1 SEE ALSO
74              
75             =over
76              
77             =item * L<Password::OWASP::Argon2>
78              
79             =item * L<Password::OWASP::Scrypt>
80              
81             =item * L<Password::OWASP::Bcrypt>
82              
83             =item * L<OWASP cheatsheet for password storage|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md>
84              
85             =item * L<OWASP cheatsheet for authentication storage|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>
86              
87             =item * L<Authen::Passphrase>
88              
89             =item * L<Authen::Passphrase::Argon2>
90              
91             =item * L<Authen::Passphrase::Scrypt>
92              
93             =item * L<Authen::Passphrase::BlowfishCrypt>
94              
95             =back
96              
97             =head1 AUTHOR
98              
99             Wesley Schwengle <waterkip@cpan.org>
100              
101             =head1 COPYRIGHT AND LICENSE
102              
103             This software is Copyright (c) 2019 by Wesley Schwengle.
104              
105             This is free software, licensed under:
106              
107             The (three-clause) BSD License
108              
109             =cut