Brent Royal-Gordon > WWW-Kontent > WWW::Kontent::Hash

Download:
WWW-Kontent-0.02.tar.gz

Annotate this POD

View/Report Bugs
Source  

NAME ^

WWW::Kontent::Hash - Cryptographic hash utility functions for Kontent

SYNOPSIS ^

        my $hash=gen_hash('Example', :algorithm<auto>, @data);
        cmp_hash($hash, 'Example', @data) or die "Shouldn't happen!";

DESCRIPTION ^

The WWW::Kontent::Hash module is used to create and compare cryptographic hashes in Kontent's standard format. (If you don't know what a cryptographic hash is, Wikipedia has a good article on them: http://en.wikipedia.org/wiki/Cryptographic_hash_function.)

Algorithm

Kontent is designed to allow the default hash algorithm to be easily changed; this helps it adapt to the ever-shifting world of security, where last week's best practice is often this week's attack. Another goal of this module is to ensure that no two hashes in Kontent are alike, even if the same piece of data appears in different contexts. For example, if a user's password happens to also come up as a session ID, the hashes shouldn't match.

To achieve all this, Kontent joins together a number of constant strings with a string representing the part of the system the hash belongs to (such as 'Session' or 'User') and the actual data being hashed. The string is then hashed, and the Base64 value of the hash is concatenated to the name of the hash algorithm used. The name of the algorithm is used later to ensure that the hash is compared using the proper algorithm.

Supported Algorithms

This module can potentially support any of Perl 5's Digest::* modules. Currently it attempts to load the following algorithms:

Subroutines

gen_hash('module', :algorithm<auto>, 'data1', 'data2')

Generates a hash using the indicated algorithm, module and data. The default value of the named :algorithm argument is auto, meaning that the most secure algorithm available should be used.

Note: Although :algorithm should be optional, in the current version of Pugs it is requred.

cmp_hash($hash, 'module', 'data1', 'data2')

Compares the given hash to the given module and data. Internally, this works by generating a hash with the same algorithm used to generate $hash, then comparing the new hash to $hash.

SEE ALSO ^

WWW::Kontent, Digest::SHA1

Bruce Schneier. Applied Cryptography, 2nd Edition, Wiley, 1996, ISBN 0471117099.

syntax highlighting: