Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to modern bcrypt implementation #28

Open
Leont opened this issue Jan 9, 2022 · 1 comment
Open

Switch to modern bcrypt implementation #28

Leont opened this issue Jan 9, 2022 · 1 comment

Comments

@Leont
Copy link

Leont commented Jan 9, 2022
edited
Loading

This module is currently using Crypt::Eksblowfish::Bcrypt which is essentially unmaintained for the past decade. In particular, the rest of the world upgraded to the 2b variety of bcrypt back in 2014.

I've recently released Crypt::Bcrypt, which does support modern varieties of bcrypt. Or you could go a step further and use Crypt::Passphrase and gain cipher flexibility.
@Leont
Copy link
Author

Leont commented Dec 16, 2022

Actually, there's another problem that kind of complicates fixing this: the code is currently not saving/using the cost parameter, which means it can't scale up together with Moore's law (the security decreases every year because computers get faster).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Leont