[Catalyst] Migrate from SHA hashed passwords to Bcrypt crypted passwords

Mark Blackman m.blackman at fairfx.com
Mon Jul 11 15:34:09 GMT 2011


On 11 Jul 2011, at 15:59, Pavel Karoukin wrote:

> Hello,
> 
> Right now I am using SHA hashed passwords in my Catalyst application (https://github.com/hippich/Bitcoin-Poker-Room). While SHA is better then MD5, I still want to migrate to Bcrypt. 
> 
> I have two questions:
> 
> 1) Catalyst::Authentication::Credential::Password seems to not support Bcrypt since it relies on Digest and Digest do not have Bcrypt as an option. Should I use DBIx::Class::EncodedColumn with Crypt::Eksblowfish::Bcrypt ?

I think you could locally patch Catalyst::Authentication::Credential::Password and/or submit an upstream patch to handle bcrypt hashing as
another password_type a bit like 'salted_hash'.

> 
> 2) How I should update my application to have first check against new hashing algorithm and if password returns incorrect, try old one (SHA)? Should I do it through realms, or just check password in my authentication controller directly instead?

I'd define two realms in your configuration for each password type and then attempt authentication against both realms.

- Mark




More information about the Catalyst mailing list