[Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?

Evan Carroll lists at evancarroll.com
Fri Apr 9 14:49:24 GMT 2010

> As far as I can tell, the whole point of this patch is aimed at the 'hashed'
> password case only (rather than 'salted_hash').

The vulnerability was never against salted_hash. I've since learned
what Crypt::SaltedHash is I just don't believe I have a reason to use
it. Why would I want to use something that serializes the hash and
password into one database column when I can simply store them

Now, I have everything I want running locally.

Evan Carroll
System Lord of the Internets

More information about the Catalyst mailing list