Security Advisories (3)
CVE-2017-20240 (2026-06-12)

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived key.

CVE-2026-9638 (2026-06-12)

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

CVE-2026-9641 (2026-06-12)

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
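The three advisories above describe a variable-time comparison, rand-based salts, and weak defaults. The following added example (not Crypt::PBKDF2's own code) shows the hardened form of each using only core Perl; the function names random_salt, pbkdf2_sha256 and ct_eq are hypothetical, and a Unix-like /dev/urandom is assumed.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);   # core module; call form is hmac_sha256($data, $key)

# Salt from the kernel CSPRNG instead of rand(). Assumes a Unix-like /dev/urandom.
sub random_salt {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $salt = '';
    my $got  = read($fh, $salt, $len);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    return $salt;
}

# PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF instead of HMAC-SHA1.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations, $dk_len) = @_;
    my $out = '';
    for (my $block = 1; length($out) < $dk_len; $block++) {
        my $u = hmac_sha256($salt . pack('N', $block), $password);
        my $t = $u;
        for (2 .. $iterations) {
            $u = hmac_sha256($u, $password);
            $t ^= $u;                  # string XOR over the 32-byte blocks
        }
        $out .= $t;
    }
    return substr($out, 0, $dk_len);
}

# Comparison whose running time does not depend on the position of the
# first differing byte, unlike eq. Derived keys have a fixed, public length.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

my $iterations = 600_000;  # assumed value inside the 220,000 to 1,400,000 range cited above
my $salt   = random_salt(16);
my $stored = pbkdf2_sha256('correct horse', $salt, $iterations, 32);   # constructed password

for my $attempt ('correct horse', 'wrong guess') {
    my $candidate = pbkdf2_sha256($attempt, $salt, $iterations, 32);
    printf "%-14s => %s\n", $attempt, ct_eq($candidate, $stored) ? 'match' : 'no match';
}
```

The script performs three full derivations at the chosen iteration count, so expect it to run for several seconds.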

NAME

Crypt::PBKDF2::Hash - Abstract role for PBKDF2 hashing algorithms.

VERSION

version 0.110460

METHODS

hash_len()

Returns the length (in bytes) of the hashes this algorithm generates.

generate($data, $key)

Generate strong pseudorandom bits based on the $data and $key.

to_algo_string()

Return a string representing any optional arguments this object was created with, for use by Crypt::PBKDF2's generate and encode_string methods. May return undef if no arguments are required, in which case none will be serialized and from_algo_string won't be called on reading the hash.

from_algo_string($str)

Given a string as produced by to_algo_string, return an instance of this class with options corresponding to those in $str. If no options are expected, it's permissible for this method to throw an exception.

AUTHOR

Andrew Rodland <arodland@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2011 by Andrew Rodland.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.