Revision history for Authen-SCRAM
0.010 2018-06-13 09:47:13-04:00 America/New_York
[Changed]
- Removed String::Compare::ConstantTime as a dependency. This
is a temporary measure until warnings on older Perls are
addressed and released.
0.009 2018-03-26 15:33:59-04:00 America/New_York
[Fixed]
- Fixed tests for older Perls
0.008 2018-03-26 14:43:49-04:00 America/New_York
[Fixed]
- Correctly handles wide characters in usernames without mojibaking the
auth signature. Previously undetected in roundtrip tests as the
error was symmetric between client and server. Cross-checked via a
test conversation generated from http://github.com/xdg/scram.
0.007 2018-01-28 00:00:56-05:00 America/New_York
[Added]
- Public 'computed_keys' method on the client object to get
stored/server keys that a server needs to keep to authenticate a
user.
[Changed]
- Added 'minimum_iteration_count' on clients, defaulting to 4096, to
mitigate downgrade attacks.
[Tests]
- Added a SCRAM-SHA-256 test.
0.006 2017-11-22 10:45:58-05:00 America/New_York
[Added]
- Expensive digested password computation is cached in clients and
reused for future authentication where salt and iteration count
is the same.
[Fixed]
- Applies "stored strings" normalization when doing SASLprep,
as required by https://tools.ietf.org/html/rfc5802#section-2.2
0.005 2014-10-15 17:30:07-04:00 America/New_York
[Fixed]
- Prevent test failures due to warnings in other modules
(which we can't control)
0.004 2014-10-14 11:45:09-04:00 America/New_York
[Fixed]
- Fixed warnings from length() on Perls before 5.12
[Prereqs]
- Bumped Moo prereq to 1.001000 for non-ref default value support
0.003 2014-10-07 22:05:31-04:00 America/New_York
[Added]
- Added 'skip_saslprep' attribute, in case applications insist on
deviating from RFC 5802 in this regard
0.002 2014-10-06 12:09:01-04:00 America/New_York
[Fixed]
- Fixed handling of character encodings for non-ASCII characters in
usernames and passwords
[Documented]
- Clarified that all inputs/outputs are expected to be character
strings and that users are responsible for UTF-8 encoding/decoding
during transmission and reception
0.001 2014-10-04 13:25:37-04:00 America/New_York
- First release