path: root/CHANGES
Commit message | Author | Age | Files | Lines
* CryptPolicy deprecation, part 5 - updated docs, changelog, benchmark script | Eli Collins | 2012-04-17 | 1 | -22/+31
|
* updated passlib.apache module's api - more flexible to use, changed some ambiguous method names | Eli Collins | 2012-04-17 | 1 | -0/+5
|
* issue warning if app requests even bsdi_crypt rounds | Eli Collins | 2012-04-13 | 1 | -0/+3
|
* clarify behavior for secret=None and hash=None | Eli Collins | 2012-04-11 | 1 | -0/+8
|
|   * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError.
|   * redid many of the from_string() methods to verify the hash type.
|   * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid.
|   * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* ldap salted digest improvements | Eli Collins | 2012-04-09 | 1 | -0/+3
|
|   * support variable salt size of 4-16 bytes [issue 30].
|   * throw correct error when invalid base64 encoding is encountered.
|   * added some test vectors for the above.
* *all* hashes now throw PasswordSizeError if password is larger than 4096 chars; to prevent DOS issues. | Eli Collins | 2012-04-09 | 1 | -0/+8
|
* doc tweaks | Eli Collins | 2012-03-12 | 1 | -1/+3
|
* doc tweaks | Eli Collins | 2012-03-10 | 1 | -2/+2
|
* various bcrypt improvements | Eli Collins | 2012-03-10 | 1 | -0/+4
|
|   * studied crypt_blowfish's 8bit bug
|     - verified none of passlib's backends were affected
|     - added recognition (but not support) for crypt_blowfish's $2x$ hash prefix
|     - added support for crypt_blowfish's $2y$ hash prefix
|     - note in docs about Passlib's current handling of crypt_blowfish 8bit issues.
|   * refactored bcrypt's salt-unused-bits repair code into Base64Engine.repair_unused(), making the code cleaner and more isolated. a bunch more tests.
|   * added bcrypt64 (bcrypt-base64 variant) to utils
|   * added LazyBase64Engine to reduce memory / startup time
* did rewrite of unix_fallback as unix_disabled; unix_fallback is now deprecated | Eli Collins | 2012-03-10 | 1 | -0/+5
|
* added Windows' DCC hashes (aka mscache / mscash) version 1 & 2 | Eli Collins | 2012-03-10 | 1 | -0/+5
|
* renamed nthash -> bsd_nthash; added real nthash implemented | Eli Collins | 2012-03-10 | 1 | -0/+5
|
|   after some thought, realized the 'nthash' name should implement the raw hash. since bsd_nthash was very rarely used, it shouldn't present backwards incompatibility issues at this point to go ahead and rename it.
* added support for lmhash | Eli Collins | 2012-03-10 | 1 | -0/+3
|
* added support for Cisco PIX & Type 7 hashes | Eli Collins | 2012-03-10 | 1 | -0/+5
|
|   * Cisco Type 5 appears to be same as md5_crypt
|   * added requires_user=False support to HandlerCase
|   * added more thorough salt-generation test (since cisco_pix has only 4 bits of salt)
|   * added HandlerCase test to ensure user is used as salt
* added mssql 2000/2005 hashes; enhanced HandlerCase's password case sensitive test | Eli Collins | 2012-03-10 | 1 | -0/+4
|
* utils.handlers framework reworked; removed a bunch of boilerplate code | Eli Collins | 2012-03-09 | 1 | -0/+11
|
|   * StaticHandler is now subclass of GenericHandler
|     - _calc_checksum() should be implemented instead of encrypt(). (compatibility stub added so old code should continue to work)
|     - _norm_hash() no longer needs to handle ->unicode conversion
|     - default from_string() contains a bunch of features, including stripping a known prefix, etc.
|   * context kwds now pulled into constructor, so GenericHandler supports context kwds properly; HasUserContext mixin added to support common 'user' context kwd
|   * identify_regexp & identify_prefix removed, functionality rolled into default GenericHandler.identify() implementation.
|     - default identify checks _hash_regex as potential way to identify hashes
|   * HasStubChecksum removed, functionality rolled into GenericHandler
|   * HasRawChecksum now just sets a flag, functionality moved into GenericHandler
|   * HasManyIdents._parse_ident() helper added to validate & split identifier from hashes.
|   * GenericHandler._norm_checksum() is now strict about unicode / bytes
* Merge | Eli Collins | 2012-02-08 | 1 | -1/+14
|\
| * renamed calc_checksum() -> _calc_checksum(), hiding the last of the private methods of most handlers | Eli Collins | 2012-02-08 | 1 | -1/+2
| |
| * documentation updates for last two commits | Eli Collins | 2012-02-08 | 1 | -2/+14
| |
* | deprecating min_verify_time option; doesn't meaningfully increase security, and adds code complexity | Eli Collins | 2012-01-19 | 1 | -1/+5
|/
* minor updates | Eli Collins | 2012-01-19 | 1 | -0/+4
|
* split exceptions/warnings to separate module; added some additional warning classes to make filtering easier | Eli Collins | 2012-01-18 | 1 | -1/+1
|
* deprecated unused int<->bytes utils | Eli Collins | 2012-01-18 | 1 | -0/+3
|
* replaced utils.h64 module with utils.Base64Engine instance | Eli Collins | 2012-01-18 | 1 | -2/+9
|
|   * new utils.Base64Engine() provides flexible class for encoding arbitrary base64 charmaps. it should also be a bit faster than the old h64 module.
|   * predefined 'h64' instance has mostly the same methods as the old h64 module which it takes the place of - so imports should be unaffected. (with the exception of the xxx_dc_xxx methods, which now use the 'h64big' instance)
|   * replaced utils._blowfish base64 encoding with custom Base64Engine instance to reduce code duplication.
|   * more thorough unittests for Base64Engine.
* added example hashes to scram documentation, other doc tweaks | Eli Collins | 2012-01-10 | 1 | -7/+18
|
* builtin implementations of md5_crypt and sha256/512_crypt sped up by about 25% | Eli Collins | 2012-01-05 | 1 | -0/+4
|
* CryptContext can now run passwords through SASLPrep via "passprep" options [issue 24] | Eli Collins | 2012-01-02 | 1 | -0/+5
|
* deprecated to_hash_str, replaced all instances with to_native_str | Eli Collins | 2011-12-28 | 1 | -1/+0
|
|   decided that to_hash_str will always return native string, feature of hashes being returned as unicode under python 2 is better done through a CryptContext option.
* branch done, will merge into default [no2to3-dev] | Eli Collins | 2011-12-28 | 1 | -0/+3
|
* large rewrite of how CryptPolicy is parsed and compiled; should result in *much* shorter codepath when calling CryptContext.encrypt(), etc | Eli Collins | 2011-12-22 | 1 | -0/+5
|
* all verify() methods now use "constant time" comparison function (see CHANGELOG for details) | Eli Collins | 2011-12-01 | 1 | -7/+27
|
* minor documentation changes | Eli Collins | 2011-12-01 | 1 | -4/+4
|
* Merge 1.5.3 bugfixes | Eli Collins | 2011-10-08 | 1 | -0/+38
|\
| * Merge fixes from release-1.5 | Eli Collins | 2011-09-19 | 1 | -0/+37
| |\
| | * restored pure-python bcrypt implementation that was removed in r5211db139659 | Eli Collins | 2011-09-14 | 1 | -0/+11
| | |
| | * misc doc changes | Eli Collins | 2011-09-14 | 1 | -9/+17
| | |
| | * beginning 1.6 dev | Eli Collins | 2011-08-25 | 1 | -2/+20
| | |
| | |   * removed previously deprecated support for ConfigParser interpolated files
| | |   * removed previously deprecated support for set_backend(None)
* | | bumped to 1.5.3 [1.5.3] | Eli Collins | 2011-10-08 | 1 | -1/+1
| | |
* | | bcrypt padding work: | Eli Collins | 2011-10-07 | 1 | -0/+45
|/ /
| |   * added changelog entry re: issue & fix
| |   * bcrypt now warns about padding bits in digest as well
| |   * bcrypt.normhash() now normalizes salt padding bits, digest padding bits, and rounds zero-padding
| |   * hash_needs_update() will now flag unclean bcrypt hashes as needing an update
| |   * UTs for hash_needs_update(), and digest padding bit handling
* | bumped to 1.5.2 [1.5.2] | Eli Collins | 2011-09-19 | 1 | -2/+2
| |
* | improvements to passlib.ext.django | Eli Collins | 2011-09-14 | 1 | -2/+2
| |
| |   even though it hasn't been officially documented, some people are using it, so...
| |
| |   major
| |   -----
| |   * DEFAULT_CTX now uses SHA512-Crypt instead of PBKDF2-HMAC-SHA256, this should be natively supported on a larger number of platforms.
| |   * added full unittest suite for passlib.ext.django:
| |     - checks monkeypatch implementation
| |     - checks full plugin behavior
| |     - STOCK_CTX is compared against official Django behavior
| |
| |   minor
| |   -----
| |   * ``set_django_password_context()`` now patches ``django.contrib.auth.models.check_password()`` as well as User methods.
| |   * now exposes active context as ``User.password_context`` when patch is enabled.
| |   * replacement ``User.check_password`` now handles None and unusable passwords explicitly, even if context doesn't include support for django_disabled.
* | fixed small bug in CryptPolicy.iter_config() related to deprecation options | Eli Collins | 2011-09-14 | 1 | -5/+10
| |
* | added documentation for verify_and_update | Eli Collins | 2011-09-14 | 1 | -7/+14
| |
* | small formatting change to CHANGES file | Eli Collins | 2011-09-12 | 1 | -21/+35
| |
* | bugfix: django_des_crypt now accepts all H64_CHARS in salt [issue 22] | Eli Collins | 2011-09-12 | 1 | -2/+18
|/
|   * also added more django-related unittests
|   * django_des_crypt now uses des_crypt handler instead of raw_des_crypt function
|   * django_des_crypt now detects salt char mismatches in hash
* bumped to 1.5.1 [1.5.1] | Eli Collins | 2011-08-17 | 1 | -12/+13
|
* GAE compatibility fix: changed apache UTs to not rely on filesystem. | Eli Collins | 2011-08-12 | 1 | -4/+4
|
|   * added private constructor Htpasswd._from_string(), will clean it up and make public in future
|   * most apache tests now use _from_string() so they don't have to write to fs
|   * tests which still require writing to fs (mainly the autoload tests) now skipped for GAE
* added gae_env flag to disable some CryptPolicy.from_path() unittests under Google App Engine. | Eli Collins | 2011-08-12 | 1 | -1/+4
|
* added simple unittests to check passlib.apps & passlib.hosts contexts are working | Eli Collins | 2011-08-12 | 1 | -2/+4
|
* provide fallback | Eli Collins | 2011-08-12 | 1 | -3/+8
|