head

Crypt::AnyPasswordHash - use best installed password encryption


code

=begin code

use Crypt::AnyPasswordHash;

my $password = 'somepassword';

my Str $hash = hash-password($password);

if check-password($hash, $password ) {
    # password ok
}

=end code


This module exports two subroutines C<hash-password> and C<check-password>
which encrypt password and check a provided password against an encrypted hash.


The implementation for the C<hash-password> is provided by the first of:


item

which can be found.  C<Crypt::Libcrypt> will be installed as a dependency so it
will nearly always work but is dependent on the mechanisms provided by the C<libcrypt>:
with a fairly recent C<libcrypt> it will be able to determine and use the best
available algorithm, falling back to attempt SHA-512, however if that isn't available
it may fall back to DES which is not considered secure enough for production use. You
can tell you are getting DES when the hash returned by C<hash-password> is only 13
characters long, if this is the case then you should install one of the other providers.


The C<check-password> will attempt to validate against all the available mechanisms
until one validates the password or the mechanisms are exhausted.  This is so that, if
you are validating against stored hashes, if a new supported module is installed or
this module is upgraded then you will still be able to verify against hashes made by a
previous mechanism.




module Crypt::AnyPasswordHash {
}

sub EXPORT() {
    my &hash-password;
    my @checkers;

    my $DEBUG = ?%*ENV<CAPH_DEBUG> // False;

    my sub debug-load(Str $message) {
        note $message if $DEBUG;

    }

    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::SodiumPasswordHash'");
            }
        }
        if (require ::('Crypt::SodiumPasswordHash') <&sodium-hash &sodium-verify>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected 'Crypt::SodiumPasswordHash'");
                &hash-password = &sodium-hash;
            }
            @checkers.append: &sodium-verify;
        }
    }
    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::Argon2'");
            }
        }
        if (require ::('Crypt::Argon2') <&argon2-hash &argon2-verify>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected load 'Crypt::Argon2'");
                &hash-password = sub ( Str $password --> Str ) {
                    argon2-hash($password).subst(/\0+$/,'');
                };
            }
            @checkers.append: &argon2-verify;
        }
    }
    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::LibScrypt'");
            }
        }
        if ( require ::('Crypt::LibScrypt') <&scrypt-hash &scrypt-verify>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected load 'Crypt::LibScrypt'");
                &hash-password = &scrypt-hash;
            }
            @checkers.append: &scrypt-verify;
        }
    }
    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::SodiumScrypt'");
            }
        }
        if ( require ::('Crypt::SodiumScrypt') <&scrypt-hash &scrypt-verify>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected load 'Crypt::SodiumScrypt'");
                &hash-password = &scrypt-hash;
            }
            @checkers.append: &scrypt-verify;
        }
    }
    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::Bcrypt'");
            }
        }
        if ( require ::('Crypt::Bcrypt') <&bcrypt-hash &bcrypt-match>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected load 'Crypt::Bcrypt'");
                &hash-password = &bcrypt-hash;
            }
            @checkers.append: sub ( Str $hash, Str $password --> Bool ) {
                bcrypt-match($password, $hash);
            };
        }
    }
    {
        CATCH {
            default {
                debug-load("Couldn't load 'Crypt::LibCrypt'");
            }
        }
        # Without the 'try' here it ends up by attempting to serialize a VMException under
        # some circumstances that appears to be related to when consumer is compiled
        if ( try require ::('Crypt::Libcrypt') <&crypt &crypt-generate-salt>) !=== Nil {
            if !&hash-password.defined {
                debug-load("Selected load 'Crypt::LibCrypt'");
                sub generate-salt(--> Str) {
                    if crypt-generate-salt() -> $salt {
                        $salt;
                    }
                    else {
                        my @chars = (|("a" .. "z"), |("A" .. "Z"), |(0 .. 9));
                        if $*DISTRO.name eq 'macosx' {
                            @chars.pick(2).join;
                        }
                        else {
                            '$6$' ~ @chars.pick(16).join ~ '$';
                        }
                    }
                }

                &hash-password = sub ( Str $password --> Str ) {
                    crypt($password, generate-salt());
                };
            }

            @checkers.append: sub ( Str $hash, Str $password --> Bool ) {
                (crypt($password, $hash) // '' )  eq $hash
            };
        }
    }
    if !&hash-password.defined {
       die q:to/EOMESS/;
        No hashing module installed, please install one of 'Crypt::SodiumPasswordHash', 'Crypt::Argon2', 'Crypt::SodiumScrypt' or 'Crypt::Libcrypt'
       EOMESS
    }

    my &check-password = sub ( Str $hash, Str $password --> Bool ) {
        my $rc = False;
        for @checkers -> &check {
            if check($hash, $password ) {
                $rc = True;
                last;
            }
        }
        $rc;
    };

    %(
        '&hash-password'    =>  &hash-password,
        '&check-password'   =>  &check-password
    );
}

# vim: expandtab shiftwidth=4 ft=raku


root

README

React

=begin React :component<HeaderCol> :id<menu> 
=para L<Documentation|/doc/introduction>
=para L<Modules| /mods>
=para L<Examples| file:../examples/index.podlite>
=para L<Download |file:../download/index.podlite>
=para L<About|file:../about/index.podlite>
=para 🔍 K<⌘K>/K<ctrl-K>
=end React


=begin React :component<HeaderCol> :id<footer>  
=begin nested :!nested
=item1 B<Language>
    =item2 L<Get started|file:../getting-started/getting-started.podlite>
    =item2 L<Why Raku?|/doc/language/faq#Why-should-I-learn-Raku-What's-so-great-about-it>
    =item2 L<Try Raku|https://glot.io/new/raku>
    =item2 L<Raku cheat sheet|https://github.com/Raku/mu/blob/master/docs/Perl6/Cheatsheet/cheatsheet.txt>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<Raku on Exercism|https://exercism.org/tracks/raku>
    =item2 L<Wikipedia|https://en.wikipedia.org/wiki/Raku_(programming_language)>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=end nested
=begin nested :!nested

=item1 B<L<Documentation|/doc>>
    =item2 L<Getting started, Migration guides from other languages, & Tutorials | file:../doc/introduction.podlite>
    =item2 L<Language References|file:../doc/reference.podlite>
    =item2 L<Type Reference| file:../doc/types.podlite>
    =item2 L<Miscellaneous| file:../doc/miscellaneous.podlite>
    =item2 L<FAQs (Frequently Asked Questions)|/doc/language/faq>
    =item2 L<Community|/doc/language/community>
    =item2 L<The list of all documents|file:../doc/index.podlite>

=item1 B<Resources>
    =item2 L<The Raku Guide|https://raku.guide/>
    =item2 L<Books |https://perl6book.com/>
    =item2 L<Rosetta Code | https://www.raku.org/community/rosettacode>

=end nested
=begin nested :!nested

=item1 B<Resoures>
    =item2 L<Download | file:../download/index.podlite>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=item1 B<Learning>
    =item2 L<The Raku Guide|https://raku.guide/>
    =item2 L<Wikibook |https://en.wikibooks.org/wiki/Raku_Programming>
    =item2 L<Books |https://perl6book.com/>
    =item2 L<Rosetta Code | https://www.raku.org/community/rosettacode>
    =item2 L<Learn Raku in Y minutes|https://learnxinyminutes.com/docs/raku/>
    =item2 L<Golfing |https://github.com/AlexDaniel/raku-golf-cheatsheet>
=end nested
=begin nested :!nested

=item1 B<Explore>
    =item2 L<Raku Blog Aggregator|https://planet.raku.org/>
    =item2 L<Rakudo Weekly|https://rakudoweekly.blog/>
    =item2 L<The Weekly Challenge |https://perlweeklychallenge.org/>
    =item2 L<Raku Advent Calendar|https://raku-advent.blog/>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>
    =item2 L<empty|#>

=end nested
=end React


=begin React :component<CookieConsent> :id<CookieConsent> :buttonCaption("Got it!")
=para
This website uses cookies for analytics.
=end React


AnyPasswordHash

NAME

SYNOPSIS

DESCRIPTION

Crypt::AnyPasswordHash v0.1.3

Authors

License

Dependencies

Test Dependencies

Provides

Documentation