If you're already using Authen::Passphrase
, you can let it do all the work for you:
use Authen::Passphrase::BlowfishCrypt;
my $password = "Sneaky!";
my $ppr = Authen::Passphrase::BlowfishCrypt->new(
cost => 8,
salt_random => 1,
passphrase => $password,
);
my $string = $ppr->as_rfc2307;
print $string, "\n";
# Then, to verify the password
$ppr = Authen::Passphrase->from_rfc2307($string);
if ($ppr->match($password)) {
print "OK\n";
}
If you want to work with Crypt::Eksblowfish::Bcrypt
directly, note that it expects a 16-byte string as salt:
use Crypt::Eksblowfish::Bcrypt qw(bcrypt bcrypt_hash en_base64);
my $password = "Sneaky!";
my $salt = '';
for my $i (0..15) {
$salt .= chr(rand(256));
}
my $hash = bcrypt_hash({
key_nul => 1,
cost => 8,
salt => $salt,
}, $password);
# or
my $salt_base64 = en_base64($salt);
my $string = bcrypt($password, "\$2a\$08\$$salt_base64");
print $string, "\n";