version 0.008; 2012-02-04 * bugfix: avoid passing magic variables $1 et al into functions where they might unexpectedly change value * bugfix: in A::P::SaltedDigest, when loading digest modules, use bugfixed version of Module::Runtime (which works around a bug in Perl 5.8 and 5.10 regarding loading context-sensitive modules) * in base class documentation, indicate which algorithms should be preferred for new applications, and discuss side-channel attacks * in A::P::BlowfishCrypt documentation, discuss selection of cost parameter * for A::P::MySQL41, get sha1() from Digest::SHA rather than Digest::SHA1, because Digest::SHA is included in the core distribution * add many cross links in documentation * documentation typo fixes * include META.json in distribution * convert .cvsignore to .gitignore * add MYMETA.json to .cvsignore version 0.007; 2010-07-30 * bugfix: in A::P::SaltedDigest, use "[0-9a-zA-Z_]" instead of "\w" in regexps where only ASCII characters are desired * bugfix: in A::P::BlowfishCrypt, require bugfixed version of Crypt::Eksblowfish (for memory leak fix) * bugfix: in A::P::SaltedDigest, require bugfixed version of Module::Runtime (for ASCII restriction of module name syntax) * in A::P::EggdropBlowfish, use Crypt::Eksblowfish::Uklblowfish instead of Crypt::Blowfish to remove limitation on passphrase length * abandon use of the "fields" module * use simpler "parent" pragma in place of "base" * in documentation, use the term "truth value" instead of the less precise "boolean" * in A::P documentation, add MooseX::Types::Authen::Passphrase to "see also" list * check for required Perl version at runtime * use full stricture in test suite * in Build.PL, explicitly declare configure-time requirements * remove bogus "exit 0" from Build.PL * add MYMETA.yml to .cvsignore version 0.006; 2009-03-07 * bugfix: in A::P::SaltedDigest, use "[0-9]" instead of "\d" in regexps where only ASCII digits are desired * bugfix: require bugfixed versions of Authen::DecHpwd, Crypt::Eksblowfish::Bcrypt, and Crypt::UnixCrypt_XS (for UTF8 scalar handling) * bugfix: require bugfixed version of Authen::DecHpwd (for not crashing) * bugfix: require bugfixed version of Module::Runtime (for $SIG{__DIE__} handling) * avoid "\x{}" in regexp character classes, for compatibility with perl v5.6 * in documentation for A::P::SaltedDigest, briefly discuss the new generation of hash algorithms * test POD syntax and coverage, and rename some internal functions to satisfy the coverage test * drop prototypes from method subs (where the prototypes have no effect) * in tests, avoid unreliable "\S" regexp element * build with Module::Build instead of ExtUtils::MakeMaker * complete dependency list * more precise Crypt::Eksblowfish::Bcrypt dependency instead of Crypt::Eksblowfish dependency * include signature in distribution * in documentation, separate "license" section from "copyright" section version 0.005; 2007-01-21 * avoid "my __PACKAGE__", for compatibility with perl v5.6 * point to Crypt::SaltedHash from documentation for A::P::SaltedDigest * remove bogus link to Crypt::Passwd from documentation for A::P::SaltedDigest * grammar fix in documentation for A::P::LANManager * punctuation fix in documentation for A::P::Crypt16 version 0.004; 2006-09-01 * implement Eggdrop blowfish.mod algorithm in Authen::Passphrase::EggdropBlowfish based on the Crypt::Blowfish module; initially limited to passphrases up to 56 bytes * in A::P::VMSPurdy, change ->hash_hex method to output in uppercase, as used in crypt strings * in A::P::VMSPurdy, add a "salt_hex =>" constructor parameter and a ->salt_hex method, handling salt in the hexadecimal format used in crypt strings * in documentation for A::P::DESCrypt, move the security warning to apply to both the traditional and extended schemes * in documentation for A::P::MySQL323, be more explicit about storage format * documentation markup fix in A::P::BlowfishCrypt version 0.003; 2006-08-31 * implement VMS Purdy polynomial algorithm family (crypt identifiers $VMS1$, $VMS2$, and $VMS3$) in Authen::Passphrase::VMSPurdy based on the Authen::DecHpwd module * implement phpass algorithm (crypt identifier $P$) in Authen::Passphrase::PHPass * implement MySQL v3.23 algorithm in Authen::Passphrase::MySQL323 based on the Crypt::MySQL module * implement MySQL v4.1 algorithm in Authen::Passphrase::MySQL41 * in from_crypt, when handling known but unimplemented schemes, say so instead of not recognising the scheme identifier * move from_crypt and from_rfc2307 parsing code from Authen::Passphrase into scheme-specific modules * put all data stored in objects into canonical form, to avoid propagating dualvars or other oddities * document {CRYPT16}, ambiguously used by Exim * make {CRYPT} documentation more explicit * fix a bogus reference to DES in the documentation of A::P::BlowfishCrypt version 0.002; 2006-08-12 * implement LAN Manager hash scheme (RFC 2307 identifiers {LANMAN} and {LANM}) in Authen::Passphrase::LANManager, along with separable halves (crypt identifier $LM$) in Authen::Passphrase::LANManagerHalf * implement Netscape Mail Server's MD5-based scheme (RFC 2307 identifier {NS-MTA-MD5}) in Authen::Passphrase::NetscapeMail * implement crypt16 from Ultrix in Authen::Passphrase::Crypt16 * implement bigcrypt from Digital Unix in Authen::Passphrase::BigCrypt * implement RFC 2307 scheme identifier {MD4} (plain MD4) * implement RFC 2307 scheme identifier {RMD160} (plain RIPEMD-160) * implement RFC 2307 scheme identifier {MSNT} (NT-Hash) * implement crypt scheme identifier $NT$ (NT-Hash with a different textual format from $3$) * implement RFC 2307 scheme identifier {WM-CRY} (synonym for {CRYPT}) * add a "passphrase =>" constructor parameter to A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new, A::P::NTHash->new, and A::P::SaltedDigest->new (such a parameter also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new, A::P::LANManager->new, A::P::LANManagerHalf->new, and A::P::NetscapeMail->new) * add a "salt_random =>" constructor parameter to A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new, and A::P::SaltedDigest->new (such a parameter also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new and A::P::NetscapeMail->new) * in A::P::SaltedDigest, accept bare package names and related forms, and references to blessed objects, as algorithm identifiers * in the from_crypt and from_rfc2307 constructors, reject strings containing spaces or control characters * in Authen::Passphrase::MD5Crypt, refuse to put a space character into a crypt string * in Authen::Passphrase::Clear, refuse to put spaces or control characters into an RFC 2307 string * in Authen::Passphrase::MD5Crypt, check that the salt string contains only bytes * prohibit the base class from_crypt and from_rfc2307 constructors being called on subclasses * in testing Authen::Passphrase::NTHash, check case handling * rewrite the from_crypt constructor to use scheme identifiers as such, the way from_rfc2307 already does * in documentation for the from_crypt constructor, list all known scheme identifiers * in documentation for the from_rfc2307 constructor, list known pseudo-schemes (where instead of a passphrase hash there is a reference to some other authentication mechanism) * discuss resistance to brute force attacks in documentation * more realistic example salts in the synopsis of A::P::MD5Crypt and A::P::SaltedDigest version 0.001; 2006-08-06 * implement Blowfish-based crypt() scheme (crypt identifiers $2$ and $2a$) in Authen::Passphrase::BlowfishCrypt, based on the new Crypt::Eksblowfish::Bcrypt module * include MIME::Base64 in dependency list in Makefile.PL * versioned dependencies * add test t/intdescrypt.t for the full DESCrypt interface * test full SaltedDigest interface in t/smd5.t and t/ssha.t * test full NTHash interface in t/nthash.t * use "=> 0" instead of "=> undef" in unversioned dependencies in Makefile.PL * in the Authen::Passphrase constructors, note the effects of the runtime loading of specific recogniser class modules * comment on the origins of the MD5-based and Blowfish-based crypt() schemes * corrected copyright year in README version 0.000; 2006-05-23 * initial released version