Halite changelog

Changelog History

Page 3

• v3.2.0 Changes

  December 08, 2016

  • Resolved #49, which requested making HiddenString defend against serialize() leaks.
  • 🛠 Fixed an encoding issue which broke legacy passwords. (Discovered in the course of CMS Airship development.)
  • 👍 The File API now supports different encodings for signatures and checksums (more than just hex and binary).

• v3.1.1 Changes

  October 26, 2016

  • 🛠 Fixed #44, which caused Halite to be unusable for Symfony users. Thanks, Usman Zafar.

• v3.1.0 Changes

  August 22, 2016

  • ➕ Added an export() method to KeyFactory, and congruent import*() methods. For example:
    • export($key) returns a HiddenString with a versioned and checksummed, hex-encoded string representing the key material.
    • importEncryptionKey($hiddenString) expects an EncryptionKey object or throws a TypeError

• v3.0.0 Changes

  July 30, 2016

  • Use paragonie/constant_time_encoding
  • 0️⃣ We now default to URL-safe Base 64 encoding (RFC 4648)
  • API change: Plaintext and password inputs must be a HiddenString object.
  • ⬇️ Dropped support for version 1.
    • We no longer offer or use scrypt anywhere. Everything is Argon2 now.
    • KeyFactory no longer accepts a $legacy argument.
  • ➕ Added TrimmedMerkleTree to Structures.
  • Use is_callable() instead of function_exists() for better compatibility with Suhosin.

• v2.1.2 Changes

  July 11, 2016

  • 👍 Better docblocks, added unit test to prevent regressions.

• v2.1.1 Changes

  May 15, 2016

  • Prevent an undefined index error when calculating the root of an empty MerkleTree.

• v2.1.0 Changes

  May 07, 2016

  • Key derivation (via KeyFactory) can now accept an extra argument to specify the security level of the derived key.
    • Scrypt: INTERACTIVE or SENSITIVE
    • Argon2i: INTERACTIVE, MODERATE, or SENSITIVE
  • 🔒 Password can now accept a security level argument. We recommend sticking with INTERACTIVE for end users, but if you'd rather make administrative accounts cost more to attack, now you can make that happen within Halite.
  • MerkleTree can now accept a personalization string for the hash calculation.
  • MerkleTree can output a specific hash length (between 16 and 64).
  • Both MerkleTree and Node now lazily calculate the Merkle root rather than calculating it eagerly. This results in less CPU waste.
  • Cleaned up the legacy cruft in the Key classes. Now they only accept a string in their constructor.

• v2.0.1 Changes

  April 20, 2016

  • 🛠 Fixed conflict with PHP 7 string optimizations that was causing File::decrypt() to fail in PHP-FPM.
  • ⚡️ Introduced a new method, Util::safeStrcpy(), to facilitate safe string duplication without triggering the optimizer.

• v2.0.0 Changes

  April 04, 2016

  • Halite now requires:
    • PHP 7.0+
    • libsodium 1.0.9+
    • libsodium-php 1.0.3+
    • (You can use Halite::isLibsodiumSetupCorrectly() to verify the latter two)
  • Strictly typed everywhere
  • 🔧 You can no longer pass a well-configured but generic Key object to most methods; you must pass the appropriate child class (i.e. Symmetric\Crypto::encrypt() expects an instance of Symmetric\Crypto\EncryptionKey.
  • ⚡️ Updated password hashing and key derivation to use Argon2i
  • File now uses a keyed BLAKE2b hash instead of HMAC-SHA256.
  • Key->get() was renamed to Key->getRawKeyMaterial()
  • Password now has a needsRehash() method which will return true if you're using an obsolete encryption and/or hashing method.
  • Util now has several new methods for generating BLAKE2b hashes:
    • hash()
    • keyed_hash()
    • raw_hash()
    • raw_keyed_hash()
  • ✂ Removed most of the interfaces in Contract

• « First
• ‹ Prev
• 1
• 2
• 3