Changelog History

  • v3.2.0 Changes

    December 08, 2016
    • Resolved #49, which requested making HiddenString defend against serialize() leaks.
    • Fixed an encoding issue which broke legacy passwords. (Discovered in the course of CMS Airship development.)
    • The File API now supports different encodings for signatures and checksums (more than just hex and binary).
  • v3.1.1 Changes

    October 26, 2016
    • Fixed #44, which caused Halite to be unusable for Symfony users. Thanks, Usman Zafar.
  • v3.1.0 Changes

    August 22, 2016
    • Added an export() method to KeyFactory, and congruent import*() methods. For example:
      • export($key) returns a HiddenString with a versioned and checksummed, hex-encoded string representing the key material.
      • importEncryptionKey($hiddenString) expects an EncryptionKey object or throws a TypeError
  • v3.0.0 Changes

    July 30, 2016
    • Use paragonie/constant_time_encoding
    • We now default to URL-safe Base 64 encoding (RFC 4648)
    • API change: Plaintext and password inputs must be a HiddenString object.
    • Dropped support for version 1.
      • We no longer offer or use scrypt anywhere. Everything is Argon2 now.
      • KeyFactory no longer accepts a $legacy argument.
    • Added TrimmedMerkleTree to Structures.
    • Use is_callable() instead of function_exists() for better compatibility with Suhosin.
  • v2.1.2 Changes

    July 11, 2016
    • Better docblocks, added unit test to prevent regressions.
  • v2.1.1 Changes

    May 15, 2016
    • Prevent an undefined index error when calculating the root of an empty MerkleTree.
  • v2.1.0 Changes

    May 07, 2016
    • Key derivation (via KeyFactory) can now accept an extra argument to specify the security level of the derived key.
      • Scrypt: INTERACTIVE or SENSITIVE
      • Argon2i: INTERACTIVE, MODERATE, or SENSITIVE
    • Password can now accept a security level argument. We recommend sticking with INTERACTIVE for end users, but if you'd rather make administrative accounts cost more to attack, now you can make that happen within Halite.
    • MerkleTree can now accept a personalization string for the hash calculation.
    • MerkleTree can output a specific hash length (between 16 and 64).
    • Both MerkleTree and Node now lazily calculate the Merkle root rather than calculating it eagerly. This results in less CPU waste.
    • Cleaned up the legacy cruft in the Key classes. Now they only accept a string in their constructor.
  • v2.0.1 Changes

    April 20, 2016
    • Fixed conflict with PHP 7 string optimizations that was causing File::decrypt() to fail in PHP-FPM.
    • Introduced a new method, Util::safeStrcpy(), to facilitate safe string duplication without triggering the optimizer.
  • v2.0.0 Changes

    April 04, 2016
    • Halite now requires:
      • PHP 7.0+
      • libsodium 1.0.9+
      • libsodium-php 1.0.3+
      • (You can use Halite::isLibsodiumSetupCorrectly() to verify the latter two)
    • Strictly typed everywhere
    • You can no longer pass a well-configured but generic Key object to most methods; you must pass the appropriate child class (i.e. Symmetric\Crypto::encrypt() expects an instance of Symmetric\Crypto\EncryptionKey).
    • Updated password hashing and key derivation to use Argon2i
    • File now uses a keyed BLAKE2b hash instead of HMAC-SHA256.
    • Key->get() was renamed to Key->getRawKeyMaterial()
    • Password now has a needsRehash() method which will return true if you're using an obsolete encryption and/or hashing method.
    • Util now has several new methods for generating BLAKE2b hashes:
      • hash()
      • keyed_hash()
      • raw_hash()
      • raw_keyed_hash()
    • Removed most of the interfaces in Contract