Use 2a variant of bcrypt

Leont · Leont · commit c14cafc47e82 · 2024-04-25T13:58:58.000+02:00
The 2 variant has been replaced in almost all places, to the point where
modern bcrypt libraries don't even support it. That is also why I can't
move it to the 2b variant instead (as most of the rest of the world has
since 2014.
diff --git a/lib/PAUSE/Crypt.pm b/lib/PAUSE/Crypt.pm
@@ -9,7 +9,7 @@ sub hash_password {
   my ($pw) = @_;
 
   $pw = substr $pw, 0, 72;
-  my $hash = bcrypt($pw, '$2$12$' . en_base64( urandom(16) ));
+  my $hash = bcrypt($pw, '$2a$12$' . en_base64( urandom(16) ));
 }
 
 sub password_verify {
@@ -28,7 +28,7 @@ sub password_verify {
 sub maybe_upgrade_stored_hash {
   my ($arg) = @_;
 
-  return if length $arg->{old_hash} > 13; # already bcrypt
+  return if $arg->{old_hash} =~ /^\$2a\$/; # already bcrypt
 
   my $new_hash = hash_password($arg->{password});
 
