Revision history for Perl module App::bmkpasswd
2.011006 2016-03-20
- Improved check for POSIX::Termios in `bmkpasswd`
- Minor `bmkpasswd` cleanups; take advantage of IO::Handle methods as long
as we have it
2.011005 2016-03-09
- Skip 'bmkpasswd' command tests on MSWin32
While the utility is reported to work without issue, the test does not,
and I lack access to an appropriate machine for deeper diving.
2.011004 2016-03-09
- Fall back to Term::ReadKey on MSWin32
2.011003 2016-03-09
- Fall back to Term::ReadKey to turn off terminal echo on 5.8.x, if
available; if not, warn loudly and suggest it before prompting for a
password to crypt
2.011002 2016-03-09
- Fix `bmkpasswd` executable on 5.8.x (no POSIX::ECHO available)
2.011001 2016-03-08
- Add `bmkpasswd --available` for listing available crypt methods
- Adjust constant time comparison to avoid potentially leaking any
information regarding the length of random-length SHA salts
- Add proper Test::Cmd tests for `bmkpasswd`
2.010001 2015-10-23
- Reintroduce constant time comparison for hashes
- Minor test expansion
2.009001 2015-08-08
- Support calling Crypt::Bcrypt::Easy->crypt as a class method
2.008002 2015-08-02
- Bytes::Random::Secure::Tiny now defaults to seeding from nonblocking
sources; fix our constructor call when 'strong' salts are enabled
2.008001 2015-07-02
- Switch to Bytes::Random::Secure::Tiny
2.007001 2015-06-21
- API change; passwdcmp now returns explicit undef rather than an empty
list
- API change; export mkpasswd and passwdcmp by default
- Add 'reset_seed' option to Crypt::Bcrypt::Easy's constructor as sugar for
calling 'mkpasswd_forked' at object construction time
2.006001 2015-06-21
- Add 'mkpasswd_forked' function for resetting salt generator seeds in child
processes or threads.
2.005004 2015-03-11
- 'use strictures 2;' for saner fatal warnings behavior
- Faster tests
2.005003 2014-12-02
- Kill constant time comparison completely; this was a silly addition that
has only introduced bugs.
- Switch to 'cpanfile' dependency list
2.005002 2014-09-18
- Better Crypt::Bcrypt::Easy documentation.
- Improvements to constant time comparison.
- Minor optimizations & cleanups.
2.005001 2014-09-11
- SECURITY; passwdcmp() constant time comparison fixes.
The last character of a hash can be skipped during constant time
comparison in previous versions (starting at 1.82.4).
Real-world risk is reasonably low, but this does make collisions more
likely. Mea culpa.
- POD / test expansion
2.004002 2014-05-12
- Minor cleanups & test improvements
2.004001 2013-10-16
- Fix MD5 failures on machines without Crypt::Passwd::XS
2.004000 2013-10-15
- Add mkpasswd_available function for checking avail hash methods
2.003001 2013-10-14
- Fix failing t/04_hashopts.t on machines without SHA support
- Use Pod::Usage to provide --help / --usage / --man
2.003000 2013-10-13
- Support for passing in a salt generator coderef
- mkpasswd() can accept parameters via a HASH
2.002000 2013-09-12
- Use Exporter::Tiny
2.001003 2013-09-01
- No code changes; drop prereq to perl-5.6
2.001002 2013-08-09
- No code changes; fix 'Changes' to match CPAN::Changes::Spec
2.001001 2013-06-18
- Kill Term::ReadKey dependency entirely; instead use POSIX::Termios to turn
off terminal echo. (haarg clued me in to this in a conversation he was
having with tobyink on irc.perl.org #web-simple -- thanks!)
2.001000 2013-05-02
- Output `bmkpasswd` prompts to STDERR for more sensible redirection
- Make Term::ReadKey optional and warn if we don't have it
2.000003 2013-04-21
- Cleaner --bench output
- POD/test cleanups
2.000002 2013-04-19
- Fix single-digit work-cost adjustment
- Crypt::Bcrypt::Easy:
Add ->cost() method
Possible to pass a 'type =>' to ->crypt()
(undocumented -- bcrypt is your friend, use it)
2.000001 2013-04-19
- Add Crypt::Bcrypt::Easy
1.082005 2013-04-08
- Better passwdcmp() argument-checking
- Trap dying 'crypt()' calls in tests to avoid fuzzy fails like
1.082004 2013-04-05
- Use constant time comparison when comparing hashes.
- POD enhancements.
1.082003 2013-04-01
- POD tweaks
1.082002 2013-02-23
- Lazy-build Bytes::Random::Secure instances
1.082001 2013-02-23
- Use Bytes::Random::Secure-0.24
1.082000 2013-02-17
- Use NonBlocking => 1 unless --strong is specified
1.081002 2013-02-17
- Fix stray reference to deprecated HAVE_PASSWD_XS in bin/bmkpasswd
1.081001 2013-02-17
- Use Crypt::Random::Seed in blocking mode to generate salts securely.
- Switch to dzil & semantic versioning
1.07 2012-06-10
- Slightly more sane Crypt::Passwd::XS checking.
- Improved POD.
1.06 2012-06-09
- Small t/ readability cleanup.
- Missing changelog for 1.05.
1.05 2012-06-09
- Skip MD5 tests on systems without Crypt::Passwd::XS or working MD5.
- Fixes test failures on Windows builds without proper crypt(),
MD5 is only included for compat with ancient hashes anyway.
1.04 2012-06-09
- Fix a broken test on systems missing SHA support.
- More consistent POD between bmkpasswd(1) and App::bmkpasswd
1.03 2012-06-08
- croak() if specified work cost factor is not numeric.
- croak() on unknown types.
- Clean up an old check that is no longer relevant; have_sha() will now
do the Right Thing if Crypt::Passwd::XS is missing, so we don't need
to check if someone was stupidly futzing with package variables.
1.02 2012-06-08
- Typo/style cleanups
1.01 2012-06-08
- Try::Tiny rather than raw block eval, 'use strictures'
- Improved tests
1.00 2012-05-23
- Minor cleanups, 1.00
0.05 2012-04-07
- t/04_sha: mention Crypt::Passwd::XS if SHA is missing
- Include . / in standard salt possibles (MD5/SHA)
- croak() rather than die() from bmkpasswd.pm
0.04 2012-04-02
- Don't export mkpasswd/passwdcmp unless requested.
0.03 2012-03-29
- First known-working CPAN-able dist; based on code pulled out of the
Bot::Cobalt IRC bot, with POD updates, optional Crypt::Passwd::XS
detection/use, better tests