Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 16
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index cf4cdbd..c8a2235 100644
--- a/CHANGES
+++ b/CHANGES
@@ -106,6 +106,22 @@ Existing Hashes
.. [#consteq] "constant time" is a misnomer, it actually takes ``THETA(len(righthand_value))`` time.
+ .. _strict-parameters:
+
+ *Strict Parameters*
+ Previous releases of Passlib would silently correct any invalid values
+ (such as ``rounds`` parameters that were out of range). This is was deemed
+ undesirable, as it leaves developers unaware they are requesting
+ an incorrect (and potentially insecure) value.
+
+ Starting with this release, providing invalid values to
+ :meth:`PasswordHash.encrypt <passlib.ifc.PasswordHash.encrypt>`
+ will result in a :exc:`ValueError`. However, most hashes now accept
+ an optional ``relaxed=True`` keyword, which causes Passlib
+ to try and correct invalid values, and if successful,
+ issue a :exc:`~passlib.exc.PasslibHashWarning` instead.
+ These warnings can then be filtered if desired.
+
:doc:`bcrypt <lib/passlib.hash.bcrypt>`
The BCrypt hash now supports the `crypt_blowfish <http://www.openwall.com/crypt/>`_ project's
``$2y$`` hash prefix.
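Review bot: In the added *Strict Parameters* entry, "This is was deemed undesirable" has a stray word and should read "This was deemed undesirable". The entry also only covers the "if successful" case for ``relaxed=True``; state explicitly what happens when a value cannot be corrected (for instance, whether a :exc:`ValueError` is still raised). "Most hashes now accept" leaves readers unable to tell which hashes do not take the keyword, so either list the exceptions or point to where they are documented. Because the default moves from silent correction to raising, consider marking this entry as a backwards-incompatible change for callers that currently pass out-of-range ``rounds`` values.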