[Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?
Evan Carroll
lists at evancarroll.com
Fri Apr 9 14:49:24 GMT 2010
> As far as I can tell, the whole point of this patch is aimed at the 'hashed'
> password case only (rather than 'salted_hash').
The vulnerability was never against salted_hash. I've since learned
what Crypt::SaltedHash is; I just don't believe I have a reason to use
it. Why would I want to use something that serializes the hash and
password into one database column when I can simply store them
separately?
Now, I have everything I want running locally.
--
Evan Carroll
System Lord of the Internets