You may have a look at one of Authen::Passphrase modules. Particularly at Authen::Passphrase::SaltedDigest. Salt prevents attackers from using precomputed hashes.