Documentation for Fun and Profit

Last week at the London Perl Workshop, I gave my first ever talk. 20 minutes on the subject of documentation. I'm pleased to say it went very well, and I've had some fantastic feedback from everyone who saw it.

I thought the wider Perl community would appreciate having a look at my slides. As always, it would make more sense to hear me talking, but this gives a good idea as to what the talk is about.

If anyone wants to invite me to speak at exotic locations around the world, I am available ;)


Safely Storing Passwords

My first post on here, hope it's well received!

In light of recent database hacks (MtGox, Sony, etc.), how to safely store passwords is at the front of every developer's mind.

Almost every dev knows that storing plaintext passwords is a bad idea, but most don't realise that storing a plain SHA hash should also be considered a bad idea.

The SHA + salt pattern has been widely adopted. A per-user salt does defeat precomputed (rainbow) tables, but it does nothing to slow down each individual guess: the SHA family is designed to be fast, so commodity GPUs running CUDA can test salted SHA hashes at a rate that makes dictionary and short brute-force searches practical in hours, and that rate improves with every hardware generation. In the near future it's not inconceivable that any password of typical length could be brute forced in seconds.

Bcrypt solves the problem of hardware increasing in power with an adjustable cost (work) factor: the hash is deliberately slow, and each increment of the cost doubles the work, so as hardware gets faster you raise the cost on new hashes instead of replacing the hashing function. The cost and the salt are stored in the hash string itself, so older hashes stay verifiable while you migrate. I suggest reading How To Safely Store A Password, by Coda Hale, for the hairy details.

To use bcrypt in Perl, you can use Crypt::Eksblowfish::Bcrypt.
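As an added example (not code from the original post, nor from the module's own documentation), here is how a registration and login flow would create and verify bcrypt hashes with Crypt::Eksblowfish::Bcrypt, and how the cost factor is the knob you turn as hardware gets faster. The helper names (random_salt, hash_password, check_password), the sample passwords and the cost values are assumptions made for illustration; the module's bcrypt and en_base64 functions, and the "$2a$NN$" settings format, are real.

```perl
#!/usr/bin/env perl
# Added example (not part of the original post): creating and verifying
# bcrypt hashes with Crypt::Eksblowfish::Bcrypt, with a tunable cost factor.
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use Time::HiRes qw(time);

# 16 random bytes for the salt, taken from the kernel CSPRNG (Unix only).
# Assumption: /dev/urandom is available; never use rand() for salts.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return $bytes;
}

# Hash a new password. $cost is the bcrypt work factor: the key schedule is
# run 2^cost times, so each +1 doubles the time an attacker needs per guess.
# Note that bcrypt only uses the first 72 bytes of the password.
sub hash_password {
    my ($password, $cost) = @_;
    $cost //= 10;    # assumed default; raise it as hardware improves
    # Settings string: "$2a$" (key_nul variant), two-digit cost, 22-char salt.
    my $settings = sprintf('$2a$%02d$%s', $cost, en_base64(random_salt()));
    # bcrypt() returns the full 60-character crypt string:
    # settings + salt + hash. Store that whole string.
    return bcrypt($password, $settings);
}

# Verify a login attempt: bcrypt() reads cost and salt back out of the stored
# string (the trailing hash part of SETTINGS is ignored), recomputes the hash,
# and we compare in constant time so the comparison itself leaks nothing.
sub check_password {
    my ($password, $stored) = @_;
    my $candidate = bcrypt($password, $stored);
    return 0 unless length($candidate) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0;
}

# --- usage ---------------------------------------------------------------
# Constructed sample passwords; in a real app these come from the request.
my $hash = hash_password('correct horse battery staple', 10);
print "stored: $hash\n";
print "right password: ",
    (check_password('correct horse battery staple', $hash) ? 'accepted' : 'FAIL'), "\n";
print "wrong password: ",
    (check_password('Tr0ub4dor&3', $hash) ? 'FAIL' : 'rejected'), "\n";

# The defence against faster hardware: each +1 to the cost doubles the work.
# Pick the largest cost your login latency budget tolerates, and revisit it.
for my $cost (8, 10, 12) {
    my $t0 = time;
    hash_password('benchmark', $cost);
    printf "cost %2d: %.3fs per hash\n", $cost, time - $t0;
}
```

Two practical points follow from this: store the entire 60-character string (it carries the cost and salt needed for verification), and when you decide to raise the cost, re-hash each user's password at the new cost on their next successful login, since you cannot convert an existing hash without the plaintext.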

To help people follow these best practices, I have written a Dancer plugin that simplifies creating and verifying bcrypt hashes: Dancer::Plugin::Bcrypt. Any feedback is welcome :)

About LoonyPandora

I blog about Perl. I'm on Twitter, GitHub, and everywhere else as @LoonyPandora. Except the CPAN, where I'm JAITKEN. Silly character limits...