"Sputnik" help  
PasswordNeedsRehash(<password>, <algo>, [<options>])

Description

Determines whether a stored password hash needs to be rehashed based on the provided algorithm and options.

Parameters

<password> The stored password hash to be checked for rehashing (the example below passes $hash, not the plaintext password).
<algo> One of the following macros: @PasswordDefault, @PasswordBCrypt, @PasswordArgon2I, @PasswordArgon2Id.
[<options>] Optional array containing algorithm parameters.

Return Value

Success: Returns true if the password hash needs rehashing.
Failure: Returns false.

Remarks

The PasswordNeedsRehash function helps ensure that stored password hashes remain up-to-date with the latest security standards. It evaluates whether the hash needs rehashing based on the provided algorithm and any associated options.

Related

PasswordAlgos, PasswordHash, PasswordInfo, PasswordVerify

Example

Example of usage:

my $password = "catdog";
my $hash = @"$2a$10$4HwnW3.UyarPL7KIcf0hUuePxnIjnh0hUxGC5omV1LmL94ZPNyCmq"; // was 10 cost
my $algorithm = @PasswordBCrypt;
my $options = ["cost" => 11]; // cost changed to 11

say PasswordHash("catdog", $algorithm, $options);

if (PasswordVerify($password, $hash))
{
    say "Verified"; // we don't rehash unless we first verify
    if (PasswordNeedsRehash($hash, $algorithm, $options))
    {
        // make the hash again, this time with the updated options
        my $newHash = PasswordHash($password, $algorithm, $options);
        say "new hash " . $newHash; // the new hash will have the 11 cost upgraded from 10
        // store $newHash in place of $hash so the upgrade persists
    }
}
else
    say "NOT Verified";

This example uses the PasswordHash, PasswordVerify, and PasswordNeedsRehash functions together to upgrade a stored hash when its parameters no longer match the desired ones.

Firstly, we initialize a password, $password, and a previously hashed password, $hash, with a cost factor of 10. Additionally, we specify the bcrypt hashing algorithm using the @PasswordBCrypt macro, and an optional parameter, $options, indicating a cost change to 11.

We then use the PasswordHash function to hash the original password with the bcrypt algorithm and the updated cost option of 11. The resulting hash is printed to the console.

Next, we attempt to verify the entered password against the stored hash using PasswordVerify. If the verification is successful, we enter a conditional block where we check if the stored hash needs rehashing using PasswordNeedsRehash. If rehashing is required, we generate a new hash with the updated cost using PasswordHash.

The order matters: the password is verified before rehashing is considered, because a new hash can only be computed from the plaintext password, and a successful PasswordVerify is the point at which the correct plaintext is available. This lets hash parameters be adapted for improved security without compromising existing user credentials.
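
The following added example (Python, not Sputnik's own code) shows the kind of comparison a needs-rehash check performs, assuming it reads the algorithm and parameters embedded in the stored hash string, as the cost-10 hash above embeds "10". The function names, the string algorithm names standing in for the @Password... macros, and the Argon2 option keys are assumptions made for illustration.

```python
import re

# bcrypt modular-crypt string: $2a$10$ + 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"^\$(2[abxy])\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Argon2 PHC string: $argon2id$v=19$m=65536,t=4,p=1$<salt>$<digest>
ARGON2_RE = re.compile(r"^\$(argon2id?)\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)"
                       r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$")


def parse_hash(stored):
    """Return (algorithm, params) embedded in a hash string, or (None, {})."""
    m = BCRYPT_RE.match(stored)
    if m:
        return "bcrypt", {"cost": int(m.group(2))}
    m = ARGON2_RE.match(stored)
    if m:
        mem, rounds, lanes = (int(g) for g in m.groups()[1:])
        # Key names below are assumptions; the page only shows "cost".
        return m.group(1), {"memory_cost": mem, "time_cost": rounds,
                            "threads": lanes}
    return None, {}


def needs_rehash(stored, algo, options):
    """True when `stored` was not produced with `algo` and `options`.

    An unrecognised string also returns True, since it cannot be shown
    to meet the current policy.
    """
    found_algo, params = parse_hash(stored)
    if found_algo != algo:
        return True
    # Compare only the parameters the caller specified.
    return any(params.get(key) != value for key, value in options.items())


# Hash from the example above (cost 10).
OLD = "$2a$10$4HwnW3.UyarPL7KIcf0hUuePxnIjnh0hUxGC5omV1LmL94ZPNyCmq"
# Constructed Argon2id string; salt and digest are placeholders.
ARGON = "$argon2id$v=19$m=65536,t=4,p=1$c2FtcGxlc2FsdA$ZGlnZXN0cGxhY2Vob2xkZXI"

if __name__ == "__main__":
    print(needs_rehash(OLD, "bcrypt", {"cost": 11}))     # cost policy raised
    print(needs_rehash(OLD, "bcrypt", {"cost": 10}))     # matches policy
    print(needs_rehash(OLD, "argon2id", {}))             # algorithm changed
    print(needs_rehash(ARGON, "argon2id", {"time_cost": 5}))
```

A change of algorithm is reported as needing a rehash regardless of the options, which is how a move from bcrypt to Argon2id would be rolled out one login at a time.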


Contact
Cheryl (uberfox@hotmail.com)
Homepage
http://ubersoft.org