On Saturday 10 April 2010 11:21:27 am Evan Carroll wrote:
> Also, I should point out that Crypt::SaltedHash permits the same
> stupid idea of a static, non-random salt set up in the constructor.
> This makes it slightly more fishy: why would you ever want to use this
> module to do what I just did without it?
>
> # salt: You can specify your on salt. You can either specify it as a
> sequence of charactres or as a hex encoded string of the form
> "HEX{...}". If the argument is missing, a random seed is provided for
> you (recommended).
That's not why that argument exists, that's not how it gets used, and that's
not how C::A::Cred::Password uses it. If you'd thought for half a second, it
might have occurred to you that that calling convention actually exists to
support exactly what you're asking for -- storing the hash and salt separately
for some bizarre reason despite that each is entirely useless without the
other.
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
