ZEFRAM / Authen-Passphrase-0.008 / Changes

version 0.008; 2012-02-04

  * bugfix: avoid passing magic variables $1 et al into functions where
    they might unexpectedly change value

  * bugfix: in A::P::SaltedDigest, when loading digest modules, use
    bugfixed version of Module::Runtime (which works around a bug in
    Perl 5.8 and 5.10 regarding loading context-sensitive modules)

  * in base class documentation, indicate which algorithms should be
    preferred for new applications, and discuss side-channel attacks

  * in A::P::BlowfishCrypt documentation, discuss selection of cost

  * for A::P::MySQL41, get sha1() from Digest::SHA rather than
    Digest::SHA1, because Digest::SHA is included in the core distribution

  * add many cross links in documentation

  * documentation typo fixes

  * include META.json in distribution

  * convert .cvsignore to .gitignore

  * add MYMETA.json to .cvsignore

version 0.007; 2010-07-30

  * bugfix: in A::P::SaltedDigest, use "[0-9a-zA-Z_]" instead of "\w"
    in regexps where only ASCII characters are desired

  * bugfix: in A::P::BlowfishCrypt, require bugfixed version of
    Crypt::Eksblowfish (for memory leak fix)

  * bugfix: in A::P::SaltedDigest, require bugfixed version of
    Module::Runtime (for ASCII restriction of module name syntax)

  * in A::P::EggdropBlowfish, use Crypt::Eksblowfish::Uklblowfish instead
    of Crypt::Blowfish to remove limitation on passphrase length

  * abandon use of the "fields" module

  * use simpler "parent" pragma in place of "base"

  * in documentation, use the term "truth value" instead of the less
    precise "boolean"

  * in A::P documentation, add MooseX::Types::Authen::Passphrase to
    "see also" list

  * check for required Perl version at runtime

  * use full stricture in test suite

  * in Build.PL, explicitly declare configure-time requirements

  * remove bogus "exit 0" from Build.PL

  * add MYMETA.yml to .cvsignore

version 0.006; 2009-03-07

  * bugfix: in A::P::SaltedDigest, use "[0-9]" instead of "\d" in regexps
    where only ASCII digits are desired

  * bugfix: require bugfixed versions of Authen::DecHpwd,
    Crypt::Eksblowfish::Bcrypt, and Crypt::UnixCrypt_XS (for UTF8 scalar

  * bugfix: require bugfixed version of Authen::DecHpwd (for not crashing)

  * bugfix: require bugfixed version of Module::Runtime (for $SIG{__DIE__}

  * avoid "\x{}" in regexp character classes, for compatibility with
    perl v5.6

  * in documentation for A::P::SaltedDigest, briefly discuss the new
    generation of hash algorithms

  * test POD syntax and coverage, and rename some internal functions to
    satisfy the coverage test

  * drop prototypes from method subs (where the prototypes have no effect)

  * in tests, avoid unreliable "\S" regexp element

  * build with Module::Build instead of ExtUtils::MakeMaker

  * complete dependency list

  * more precise Crypt::Eksblowfish::Bcrypt dependency instead of
    Crypt::Eksblowfish dependency

  * include signature in distribution

  * in documentation, separate "license" section from "copyright" section

version 0.005; 2007-01-21

  * avoid "my __PACKAGE__", for compatibility with perl v5.6

  * point to Crypt::SaltedHash from documentation for A::P::SaltedDigest

  * remove bogus link to Crypt::Passwd from documentation for

  * grammar fix in documentation for A::P::LANManager

  * punctuation fix in documentation for A::P::Crypt16

version 0.004; 2006-09-01

  * implement Eggdrop blowfish.mod algorithm in
    Authen::Passphrase::EggdropBlowfish based on the Crypt::Blowfish
    module; initially limited to passphrases up to 56 bytes

  * in A::P::VMSPurdy, change ->hash_hex method to output in uppercase,
    as used in crypt strings

  * in A::P::VMSPurdy, add a "salt_hex =>" constructor parameter and a
    ->salt_hex method, handling salt in the hexadecimal format used in
    crypt strings

  * in documentation for A::P::DESCrypt, move the security warning to
    apply to both the traditional and extended schemes

  * in documentation for A::P::MySQL323, be more explicit about storage

  * documentation markup fix in A::P::BlowfishCrypt

version 0.003; 2006-08-31

  * implement VMS Purdy polynomial algorithm family (crypt identifiers
    $VMS1$, $VMS2$, and $VMS3$) in Authen::Passphrase::VMSPurdy based
    on the Authen::DecHpwd module

  * implement phpass algorithm (crypt identifier $P$) in

  * implement MySQL v3.23 algorithm in Authen::Passphrase::MySQL323
    based on the Crypt::MySQL module

  * implement MySQL v4.1 algorithm in Authen::Passphrase::MySQL41

  * in from_crypt, when handling known but unimplemented schemes, say so
    instead of not recognising the scheme identifier

  * move from_crypt and from_rfc2307 parsing code from Authen::Passphrase
    into scheme-specific modules

  * put all data stored in objects into canonical form, to avoid
    propagating dualvars or other oddities

  * document {CRYPT16}, ambiguously used by Exim

  * make {CRYPT} documentation more explicit

  * fix a bogus reference to DES in the documentation of

version 0.002; 2006-08-12

  * implement LAN Manager hash scheme (RFC 2307 identifiers {LANMAN}
    and {LANM}) in Authen::Passphrase::LANManager, along with separable
    halves (crypt identifier $LM$) in Authen::Passphrase::LANManagerHalf

  * implement Netscape Mail Server's MD5-based scheme (RFC 2307 identifier
    {NS-MTA-MD5}) in Authen::Passphrase::NetscapeMail

  * implement crypt16 from Ultrix in Authen::Passphrase::Crypt16

  * implement bigcrypt from Digital Unix in Authen::Passphrase::BigCrypt

  * implement RFC 2307 scheme identifier {MD4} (plain MD4)

  * implement RFC 2307 scheme identifier {RMD160} (plain RIPEMD-160)

  * implement RFC 2307 scheme identifier {MSNT} (NT-Hash)

  * implement crypt scheme identifier $NT$ (NT-Hash with a different
    textual format from $3$)

  * implement RFC 2307 scheme identifier {WM-CRY} (synonym for {CRYPT})

  * add a "passphrase =>" constructor parameter to
    A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new,
    A::P::NTHash->new, and A::P::SaltedDigest->new (such a parameter
    also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new,
    A::P::LANManager->new, A::P::LANManagerHalf->new, and

  * add a "salt_random =>" constructor parameter to
    A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new,
    and A::P::SaltedDigest->new (such a parameter also exists in the new
    A::P::BigCrypt->new, A::P::Crypt16->new and A::P::NetscapeMail->new)

  * in A::P::SaltedDigest, accept bare package names and related forms,
    and references to blessed objects, as algorithm identifiers

  * in the from_crypt and from_rfc2307 constructors, reject strings
    containing spaces or control characters

  * in Authen::Passphrase::MD5Crypt, refuse to put a space character
    into a crypt string

  * in Authen::Passphrase::Clear, refuse to put spaces or control
    characters into an RFC 2307 string

  * in Authen::Passphrase::MD5Crypt, check that the salt string contains
    only bytes

  * prohibit the base class from_crypt and from_rfc2307 constructors
    being called on subclasses

  * in testing Authen::Passphrase::NTHash, check case handling

  * rewrite the from_crypt constructor to use scheme identifiers as such,
    the way from_rfc2307 already does

  * in documentation for the from_crypt constructor, list all known
    scheme identifiers

  * in documentation for the from_rfc2307 constructor, list known
    pseudo-schemes (where instead of a passphrase hash there is a
    reference to some other authentication mechanism)

  * discuss resistance to brute force attacks in documentation

  * more realistic example salts in the synopsis of A::P::MD5Crypt and

version 0.001; 2006-08-06

  * implement Blowfish-based crypt() scheme (crypt identifiers $2$
    and $2a$) in Authen::Passphrase::BlowfishCrypt, based on the new
    Crypt::Eksblowfish::Bcrypt module

  * include MIME::Base64 in dependency list in Makefile.PL

  * versioned dependencies

  * add test t/intdescrypt.t for the full DESCrypt interface

  * test full SaltedDigest interface in t/smd5.t and t/ssha.t

  * test full NTHash interface in t/nthash.t

  * use "=> 0" instead of "=> undef" in unversioned dependencies in

  * in the Authen::Passphrase constructors, note the effects of the
    runtime loading of specific recogniser class modules

  * comment on the origins of the MD5-based and Blowfish-based crypt()

  * corrected copyright year in README

version 0.000; 2006-05-23

  * initial released version

Hosting generously
sponsored by Bytemark