Thanks this is helpful. It mentions a couple of options to look into. I was not using and had not heard of salted_hash but I will look into it. Someone in the bug report thread said it uses Crypt::SaltedHash which creates a salt for each user from a function of the username, which makes sense to me. Or I might check out this bcrypt from Authen::Passphrase.