Changelog for password
3.0.2.1
- Add Cabal flags to control which hashing algorithms are exported. These flags are
argon2
, bcrypt
, pbkdf2
, and scrypt
. Each flag is enabled by default -
disabling it will elide the corresponding module from the library. This allows
downstream packagers to disable hashing algorithms which aren't supported on
certain platforms.
Thanks to @ivanbakel
#63
3.0.2.0
3.0.1.0
- Argon2 hashes without a version field are interpreted as being of version 1.0
Thanks to @Vlix
#56
3.0.0.0
- Split the main datatypes module (
Data.Password
) into a separate package: password-types
.
The new package just contains Password
, PasswordHash
, Salt
and their helper functions/instances.
- Adjusted entire
password
package to use the Data.Password.Types
from this new password-types
.
Thanks to @Vlix
#40
- Argon2: fixed the producing and checking of Argon2 hashes.
The base64 padding is removed when producing hashes and when
checking hashes it will accept hashes with or without padding.
#45
2.1.1.0
- Fixed
homepage
links in the .cabal
files.
#34
Thanks to @Radicalautistt
- Updated the
defaultPasswordPolicy
and documentation of the
Data.Password.Validate
module using information about research done on
"memorized secrets" (i.e. passwords) by the NIST.
[#31] https://github.com/cdepillabout/password/pull/31
Thanks to @agentultra for pointing out
the research and starting the PR.
#39
Thanks to @Vlix for updating the rest of the
documentation.
- Small spelling and other documentation fixes.
2.1.0.0
- A new
Validate
module has been added to dictate policies that passwords
should adhere to and the necessary API to verify that they do.
#26
Huge thanks to @HirotoShioi for picking
up the task of adding this functionality and doing most of the groundwork.
#27
Thanks to @Vlix for finishing up the API and
documentation.
2.0.1.1
2.0.1.0
- Switched checking hashes to using
Data.ByteArray.constEq
, instead of
the default (==)
method of ByteString
. This is to make it more secure
against timing attacks. #16
Thanks to @maralorn for bringing this up.
2.0.0.1
- Fixed README markdown for hackage.
2.0.0.0
- Complete overhaul of the library to include hashing and checking
passwords with not just
scrypt
, but also PBKDF2
, bcrypt
and
Argon2
.
#8
cryptonite
is now used as a dependency, instead of the scrypt
package.
#8
- Done away with abbreviating "password" (
Pass/pass
-> Password/password
)
#8
- Removed
unsafeShowPasswordText
and changed unsafeShowPassword
to be
Password -> Text
. (Anyone who needs it to be a String
knows where to
find Data.Text.unpack
)
#8
- GHC versions < 8.2 are no longer actively supported.
(Tested to work for GHC 8.2.2)
1.0.0.0
hashPassWithSalt
has switched function arguments for better currying.
#6
Although be warned that multiple passwords
should not be hashed with the same salt.
- Removed
Read
instance from Pass
and added Show
instance.
#6
See #5
for justification of this.
newSalt
is now MonadIO m
instead of IO
.
#6
PassCheckSucc
has been renamed to PassCheckSuccess
.
#6
- Hide data constructor from
Pass
and add the mkPass
function to construct a Pass
.
#6
- Thanks to Felix Paulusma (@Vlix) for the above
changes!
0.1.0.1
- Small fix to make sure the doctests build with stack.
#3
0.1.0.0