[Catalyst] Re: Security issue with hashed passwords in C:P:A:Password

Moritz Onken onken at houseofdesign.de
Wed Mar 24 06:29:03 GMT 2010

> Crypt::SaltHash makes the salt a function of the username, I haven't
> looked too much into the implementation but it certainly isn't the
> normal method of salting -- though it most probably helps some level.

It's not. Crypt::SaltedHash doesn't know about the username.


More information about the Catalyst mailing list