Help language development. Donate to The Perl Foundation
Crypt::LibScrypt zef:jonathanstowe last updated on 2022-08-07
Crypt::LibScrypt
Scrypt password hashing using libscrypt
Synopsis
use Crypt::LibScrypt;
my $password = 'somepa55word';
my $hash = scrypt-hash($password);
if scrypt-verify($hash, $password ) {
# password ok
}
Description
This module provides a binding to the scrypt password hashing functions provided by libscrypt.
It is an alternative to Crypt::SodiumScrypt where one or other of the native libraries is already available or more easily installed.
However the two libraries may not be completely interchangeable as the hash may have a different salt prefix. You also can't use both in the same program without some care as both modules
export scrypt-hash and scrypt-verify.
The Scrypt algorithm is designed to be prohibitively expensive in terms of time and memory for a brute force attack, so is considered relatively secure. However this means that it might not be suitable for use on resource constrained systems. The cost parameters for scrypt-hash can be tuned - the defaults are a reasonable compromise though.
The hash returned by scrypt-hash is in the format used in /etc/shadow and can be verified by other libraries that understand the Scrypt algorithm ( such as the libxcrypt that is used for password hashing on some Linux distributions.)
Installation
You will need to have C
Assuming that you have a working installation of Rakudo then you should be able to install this with zef :
zef install Crypt::LibScrypt
# Or from a local clone
zef install .
Support
If you any suggestions/patches feel free to send them via:
https://github.com/jonathanstowe/Crypt-LibScrypt/issues
Licence & Copyright
This is free software please see the LICENCE file in the distribution for details.
© Jonathan Stowe 2021