-
Notifications
You must be signed in to change notification settings - Fork 0
/
Changes
109 lines (63 loc) · 2.66 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Revision history for Authen-SCRAM
{{$NEXT}}
[Documented]
- Documented parameters and return values for getting client
computed keys.
0.011 2018-06-23 22:32:32-04:00 America/New_York
[Fixed]
- Fixed circular reference in nonce generator closure
0.010 2018-06-13 09:47:13-04:00 America/New_York
[Changed]
- Removed String::Compare::ConstantTime as a dependency. This
is a temporary measure until warnings on older Perls are
addressed and released.
0.009 2018-03-26 15:33:59-04:00 America/New_York
[Fixed]
- Fixed tests for older Perls
0.008 2018-03-26 14:43:49-04:00 America/New_York
[Fixed]
- Correctly handles wide characters in usernames without mojibaking the
auth signature. Previously undetected in roundtrip tests as the
error was symmetric between client and server. Cross-checked via a
test conversation generated from http://github.com/xdg/scram.
0.007 2018-01-28 00:00:56-05:00 America/New_York
[Added]
- Public 'computed_keys' method on the client object to get
stored/server keys that a server needs to keep to authenticate a
user.
[Changed]
- Added 'minimum_iteration_count' on clients, defaulting to 4096, to
mitigate downgrade attacks.
[Tests]
- Added a SCRAM-SHA-256 test.
0.006 2017-11-22 10:45:58-05:00 America/New_York
[Added]
- Expensive digested password computation is cached in clients and
reused for future authentication where salt and iteration count
is the same.
[Fixed]
- Applies "stored strings" normalization when doing SASLprep,
as required by https://tools.ietf.org/html/rfc5802#section-2.2
0.005 2014-10-15 17:30:07-04:00 America/New_York
[Fixed]
- Prevent test failures due to warnings in other modules
(which we can't control)
0.004 2014-10-14 11:45:09-04:00 America/New_York
[Fixed]
- Fixed warnings from length() on Perls before 5.12
[Prereqs]
- Bumped Moo prereq to 1.001000 for non-ref default value support
0.003 2014-10-07 22:05:31-04:00 America/New_York
[Added]
- Added 'skip_saslprep' attribute, in case applications insist on
deviating from RFC 5802 in this regard
0.002 2014-10-06 12:09:01-04:00 America/New_York
[Fixed]
- Fixed handling of character encodings for non-ASCII characters in
usernames and passwords
[Documented]
- Clarified that all inputs/outputs are expected to be character
strings and that users are responsible for UTF-8 encoding/decoding
during transmission and reception
0.001 2014-10-04 13:25:37-04:00 America/New_York
- First release