0.9.0

@niwinz niwinz released this 09 Nov 13:49

Important notes

  • The encrypt function now selects a random algorithm from the recommended
    algorithms list instead of having a single default one. This adds a layer
    of security: more than one algorithm has to be broken to recover all
    passwords. This behavior differs from the previous one and you should be
    aware of it. If you want the previous behavior, just preselect the
    preferred cipher by passing it explicitly to the encrypt function.
  • The bcrypt+sha512 hasher strength is improved.

    The previous algorithm is still available for password checking only, and
    the password update setter will be triggered if a password hashed with the
    old algorithm is used in the checking process.
  • The pbkdf2+sha256 hasher strength is improved.

    A small weakness was discovered in the implementation that decreases the hash
    security from 256 bits to 160 bits (output truncation). This means that
    the old passwords are at least as secure as pbkdf2+sha1, which is still
    considered secure and widely employed (besides, the sha256 hash output
    truncated to 160 bits is more secure than sha1, so you need not be worried
    about that).

    The hasher algorithm is backward compatible, and if you are using the builtin
    helpers for password upgrading, the upgrade will be triggered automatically
    when a password hashed with the old version is checked.
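The two points above (pinning an algorithm to keep the old deterministic behaviour, and letting the check-time setter rehash passwords stored with a superseded algorithm) as an added example; this is not code from the buddy-hashers project itself. It assumes the `buddy.hashers/encrypt` and `buddy.hashers/check` functions and the `:alg` option named in these notes, and assumes the upgrade callback is passed to `check` under a `:setter` option (the notes mention a setter but not its key). The in-memory user store is constructed for the example.

```clojure
(ns example.passwords
  (:require [buddy.hashers :as hashers]))

;; Constructed in-memory user store standing in for a database. The stored hash
;; is created with :pbkdf2+sha256, one of the hashers whose strength 0.9.0 improves.
(def users
  (atom {"alice" {:password-hash (hashers/encrypt "correct horse battery staple"
                                                  {:alg :pbkdf2+sha256})}}))

(defn hash-password
  "Hash with a pinned algorithm. Passing :alg explicitly restores the pre-0.9.0
   behaviour of always using one cipher; omit the option and encrypt picks a
   random algorithm from the recommended list instead (:alg is the key the notes
   introduce in place of the deprecated :algorithm)."
  [plain]
  (hashers/encrypt plain {:alg :bcrypt+sha512}))

(defn update-password-hash!
  "Persist a re-derived hash for a user. Called by the checker when the stored
   hash was produced by an algorithm that is now only supported for checking."
  [username new-hash]
  (swap! users assoc-in [username :password-hash] new-hash))

(defn verify-login
  "Return true when the attempt matches the stored hash. The :setter callback is
   an assumption about the option name; per the notes it fires when an old-style
   hash is checked successfully, giving us a chance to store the upgraded hash
   without the user noticing."
  [username attempt]
  (let [stored (get-in @users [username :password-hash])]
    (boolean
     (and stored
          (hashers/check attempt stored
                         {:setter (partial update-password-hash! username)})))))

(comment
  ;; A correct login upgrades the stored hash in place; a wrong one changes nothing.
  (verify-login "alice" "correct horse battery staple")
  (get-in @users ["alice" :password-hash])
  (verify-login "alice" "wrong password"))
```

Note that the setter only runs after a successful check, so a rejected attempt never causes a rewrite of the stored hash; this keeps the upgrade path from becoming a way to tamper with stored credentials.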

Other changes

  • The pbkdf2+sha3_256 hasher is renamed to pbkdf2+sha3-256. This is a backward
    compatible change because the previous alias is still kept until the next
    release.
  • The md5 and sha256 hashers have been deprecated and will be removed in the
    next version.
  • Add :pbkdf2+blake2b-512 hasher as part of the recommended password hashers.
  • Add :pbkdf2+sha512 hasher as part of the recommended password hashers.
  • Add :bcrypt+sha384 hasher (for anyone who does not want to use blake2b-512).
  • The :algorithm parameter is deprecated in favor of the shorter :alg.