Secure password handling in Dancer apps with Bcrypt

James Aitken has released Dancer::Plugin::Bcrypt, a new plugin for Dancer apps to make secure password hashing using Bcrypt easy.

For background on why you ought to use Bcrypt rather than simpler hashing, see http://codahale.com/how-to-safely-store-a-password/ – basically, MD5/SHA and similar hashes are too cheap to compute, so even with a good salt, cracking a hash isn’t hard these days, especially now that GPUs are routinely used for the job. Bcrypt is intentionally expensive and slow (and you can decide just how much).

Dancer::Plugin::Bcrypt makes validating a password hash as easy as:

    use Dancer::Plugin::Bcrypt;

    # True only if $entered_password hashes to $stored_hash
    if (bcrypt_validate_password($entered_password, $stored_hash)) {
        ...
    }

Generating a hash to store is also very simple:

    my $hash = bcrypt($plaintext);   # random salt and work factor are embedded in $hash

Generation of a random salt is taken care of for you.
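As an added example (my own, not from the plugin's documentation or this post), here is a minimal Dancer app wiring both calls into hypothetical /register and /login routes, using a constructed in-memory user store in place of a database:

```perl
use strict;
use warnings;
use Dancer;
use Dancer::Plugin::Bcrypt;

# Constructed in-memory user store for the example; a real app would
# persist the hash (never the plaintext) in a database.
my %users;

# Hash of a throwaway password, computed once, so that a login attempt for
# an unknown username costs the same time as one for a known username.
my $dummy_hash = bcrypt('not-a-real-password');

post '/register' => sub {
    my $username = param('username') // '';
    my $password = param('password') // '';
    unless (length $username && length $password) {
        status 400;
        return 'username and password required';
    }
    if (exists $users{$username}) {
        status 409;
        return 'user already exists';
    }
    # bcrypt() picks a random salt and embeds salt and work factor in the
    # returned string, so this single value is all that needs storing.
    $users{$username} = bcrypt($password);
    status 201;
    return 'registered';
};

post '/login' => sub {
    my $username = param('username') // '';
    my $password = param('password') // '';
    # Always run the (slow) comparison, against the dummy hash if needed.
    my $stored = $users{$username} // $dummy_hash;
    my $ok     = bcrypt_validate_password($password, $stored);
    if ($ok && exists $users{$username}) {
        return 'welcome';
    }
    status 401;
    # Same message whether the user is unknown or the password is wrong.
    return 'invalid credentials';
};

dance;
```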

*UPDATE* – the above is a nice, simple way to get secure password hashing quickly with minimal effort, but it is likely not the best way. If you’re already using DBIx::Class, see DBIx::Class::PassphraseColumn for a better way to do this automatically at the database model level.

Thanks to mst for prompting me to mention the above :)

Virgin Media – quit adding adverts to On-Demand stuff

At home we have TV through Virgin Media, with “TV XL”.

As part of the package, we get on-demand TV shows and music videos, but recently Virgin have started adding adverts (for example, for FilmFlex) to the start of the videos. Sorry, what? We’re paying a fortune for the service which includes on-demand stuff; don’t add adverts to it. If we were getting it for free and it was subsidised by the adverts, fair enough, but we’re paying for it, so just show us what we ask for, without adding crap.

Time to call them up, I think.