interchange / interchange6-schema

DBIC schema for Interchange 6

upgrade to Authen::Passphrase breaks authentication for existing passwords #188

Closed thunder- closed 8 years ago

thunder- commented 8 years ago

You will see something like:

bad RFC 2307 syntax in "$2a$14$IpqGT$Su*removedbit*CPmEWO/vGJ" at /usr/local/share/perl/5.20.2/DBIx/Class/InflateColumn/Authen/Passphrase.pm line 28.

racke commented 8 years ago

@thunder- says it works with version 0.089.

racke commented 8 years ago

Authen::Passphrase was introduced in 0.090.

racke commented 8 years ago

@SysPete, what was the justification to switch to Authen::Passphrase?

SysPete commented 8 years ago

One of the biggest reasons: EncodedColumn requires all values in a hashed column to use the same hashing scheme. PassphraseColumn stores both the hashed passphrase value and the scheme used to hash it. Therefore it's possible to have different rows using different hashing schemes.

This is especially useful when, for example, being tasked with importing records (e.g. users) from a legacy application, that used a certain hashing scheme and has no plain-text passwords available, into another application that uses another hashing scheme.

Another scenario might be a zero-day vulnerability in the used cipher so site admin can change cipher and force password change on next login so all passwords get upgraded to new scheme.

SysPete commented 8 years ago

My mistake which broke backwards-compatibility with older schema versions was the choice of rfc2307 encoding. I will change this to crypt so that the next schema release will gain backwards-compatibility with existing passwords from v0.089 and earlier.
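The two points in the comments above (a column holding rows hashed with different schemes, and the rfc2307-versus-crypt decoding mistake) in working Perl. This is an added example, not code from the issue or from Interchange6::Schema, and it uses only Authen::Passphrase's own constructors and `from_crypt` / `from_rfc2307` / `match`; the sample hashes are generated when the script runs rather than copied from the report, and `verify_and_upgrade` is a hypothetical helper, not a schema method:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
use Authen::Passphrase::MD5Crypt;

# Constructed sample rows, shaped like a pre-0.090 schema would store them:
# bare crypt strings with no "{SCHEME}" prefix. Values are generated here.
my $legacy_bcrypt = Authen::Passphrase::BlowfishCrypt->new(
    cost => 8, key_nul => 1, salt_random => 1, passphrase => 'correct horse',
)->as_crypt;                                   # "$2a$08$..."
my $legacy_md5 = Authen::Passphrase::MD5Crypt->new(
    salt_random => 1, passphrase => 'hunter2',
)->as_crypt;                                   # "$1$..."

# 1. Reproduce the failure from the report: a bare crypt string is not
#    RFC 2307 syntax, which needs a "{SCHEME}" prefix such as "{CRYPT}$2a$...".
my $ppr = eval { Authen::Passphrase->from_rfc2307($legacy_bcrypt) };
print "from_rfc2307 on a bare crypt string: ", ( $ppr ? "ok\n" : "died: $@" );

# 2. The fix chosen in the thread: decode with from_crypt, which picks the
#    scheme from the "$id$" prefix, so bcrypt and md5crypt rows coexist in
#    one column and each still verifies against its own plaintext.
for my $row ( [ bcrypt => $legacy_bcrypt, 'correct horse' ],
              [ md5    => $legacy_md5,    'hunter2'       ] ) {
    my ( $label, $stored, $plain ) = @$row;
    my $p = Authen::Passphrase->from_crypt($stored);
    printf "%-6s class=%s match=%d wrong=%d\n", $label, ref $p,
        ( $p->match($plain) ? 1 : 0 ), ( $p->match('nope') ? 1 : 0 );
}

# 3. Upgrade-on-login: the plaintext is only available at authentication
#    time, so that is when a row on a weaker scheme can be re-hashed.
#    Hypothetical helper; returns (matched, stored value to write back).
sub verify_and_upgrade {
    my ( $stored, $plain ) = @_;
    my $p = Authen::Passphrase->from_crypt($stored);
    return ( 0, $stored ) unless $p->match($plain);
    return ( 1, $stored ) if $p->isa('Authen::Passphrase::BlowfishCrypt');
    my $new = Authen::Passphrase::BlowfishCrypt->new(
        cost => 8, key_nul => 1, salt_random => 1, passphrase => $plain,
    )->as_crypt;
    return ( 1, $new );
}

my ( $ok, $after ) = verify_and_upgrade( $legacy_md5, 'hunter2' );
print "md5 row matched=$ok, now bcrypt: ",
    ( $after =~ /^\$2a\$/ ? "yes" : "no" ), "\n";
```

Note that `as_rfc2307` on the same object would produce `{CRYPT}$2a$08$...`, which is why a column written by 0.090/0.091 and a column written by 0.089 differ only in that prefix; reading with `from_crypt` accepts the older, prefix-less form.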

SysPete commented 8 years ago

@thunder-: @racke just made a new release v0.092 which includes just this one fix.