view release on metacpan or  search on metacpan

lib/Crypt/Passphrase.pm  view on Meta::CPAN

=head1 TIPS AND TRICKS

=head2 Custom configurations

While encoders generally allow for a default configuration, I would strongly encourage anyone to research what settings work for your application. It is generally a trade-off between usability/resources and security.

If your application is deployed by different people than it's developed by it may be helpful to have the configuration for C<Crypt::Passphrase> part of your application configuration file and not be hardcoded so that your users can choose the right s...

=head2 Unicode

C<Crypt::Passphrase> considers passwords to be text, and as such you should ensure any password input is decoded if it contains any non-ascii characters. C<Crypt::Passphrase> will take care of both normalizing and encoding such input.

=head2 DOS attacks

Hashing passwords is by its nature a heavy operations. It can be abused by malignant actors who want to try to DOS your application. It may be wise to do some form of DOS protection such as a proof-of-work scheme or a captcha.

=head2 Levels of security

In some situations, it may be appropriate to have different password settings for different users (e.g. set them more strict for administrators than for ordinary users).

=head1 SEE ALSO

lib/Crypt/Passphrase/Util/Crypt64.pm  view on Meta::CPAN

=head1 VERSION

version 0.022

=head1 SYNOPSIS

 use Crypt::Passphrase::Crypt64 ':all';

 my $encoded = encode_crypt64('abcd');
 my $decoded = decode_crypt64($encoded);

=head1 DESCRIPTION

This module provides functions to encode and decode strings into and from the crypt64 encoding. This is similar to base64, but incompatible because it uses a slightl different alphabet and because it's little-endian. This encoding is traditionally us...

=head1 FUNCTIONS

=head2 encode_crypt64

This takes a bytestring and encodes it in crypt64.

t/15-crypt64.t  view on Meta::CPAN

use strict;
use warnings;

use Test::More;

use Crypt::Passphrase::Util::Crypt64 qw/encode_crypt64 decode_crypt64 encode_crypt64_number decode_crypt64_number/;

{
	my $encoded = encode_crypt64("\0\0\0");
	is $encoded, '....';
	my $decoded = decode_crypt64($encoded);
	is $decoded, "\0\0\0";
}

for my $text (qw/asdkljhasdlkjh fdpoisadujfpo/) {
	my $encoded = encode_crypt64($text);
	my $decoded = decode_crypt64($encoded);
	is $decoded, $text;
}

for my $number (1, 123, 123123) {
	my $encoded = encode_crypt64_number($number, 5);
	my $decoded = decode_crypt64_number($encoded);
	is $decoded, $number, "$number roundtrips";
}

for my $encoded (qw{D U ..../}) {
	my $decoded = decode_crypt64_number($encoded);
	my $recoded = encode_crypt64_number($decoded, length $encoded);
	is $recoded, $encoded, "'$encoded' roundtrips";
}

is length(encode_crypt64_number(234, 5)), 5;

done_testing;