[Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?

Andrew Rodland andrew at cleverdomain.org
Sat Apr 10 06:54:46 GMT 2010


On Friday 09 April 2010 09:49:24 am Evan Carroll wrote:
> The vulnerability was never against salted_hash. I've since learned
> what Crypt::SaltedHash is; I just don't believe I have a reason to use
> it. Why would I want to use something that serializes the hash and
> password into one database column when I can simply store them
> separately?

Why would you want the complexity of storing them separately when you could do 
it the way every other system on the planet does it? Why would you add 
duplicate functionality that's inferior to what it duplicates?


