Changelog for password

3.0.2.1

• Add Cabal flags to control which hashing algorithms are exported. These flags are argon2, bcrypt, pbkdf2, and scrypt. Each flag is enabled by default - disabling it will elide the corresponding module from the library. This allows downstream packagers to disable hashing algorithms which aren't supported on certain platforms. Thanks to @ivanbakel #63

3.0.2.0

• Add extractParams on PasswordHashs Thanks to @blackheaven #61

3.0.1.0

• Argon2 hashes without a version field are interpreted as being of version 1.0 Thanks to @Vlix #56

3.0.0.0

• Split the main datatypes module (Data.Password) into a separate package: password-types. The new package just contains Password, PasswordHash, Salt and their helper functions/instances.
• Adjusted entire password package to use the Data.Password.Types from this new password-types. Thanks to @Vlix #40
• Argon2: fixed the producing and checking of Argon2 hashes. The base64 padding is removed when producing hashes and when checking hashes it will accept hashes with or without padding. #45

2.1.1.0

• Fixed homepage links in the .cabal files. #34 Thanks to @Radicalautistt
• Updated the defaultPasswordPolicy and documentation of the Data.Password.Validate module using information about research done on "memorized secrets" (i.e. passwords) by the NIST. [#31] https://github.com/cdepillabout/password/pull/31 Thanks to @agentultra for pointing out the research and starting the PR. #39 Thanks to @Vlix for updating the rest of the documentation.
• Small spelling and other documentation fixes.

2.1.0.0

• A new Validate module has been added to dictate policies that passwords should adhere to and the necessary API to verify that they do. #26 Huge thanks to @HirotoShioi for picking up the task of adding this functionality and doing most of the groundwork. #27 Thanks to @Vlix for finishing up the API and documentation.

2.0.1.1

• Fixed cross-module links in the haddocks. #19 Thanks to @TristanCacqueray for fixing this.

2.0.1.0

• Switched checking hashes to using Data.ByteArray.constEq, instead of the default (==) method of ByteString. This is to make it more secure against timing attacks. #16 Thanks to @maralorn for bringing this up.

2.0.0.1

• Fixed README markdown for hackage.

2.0.0.0

• Complete overhaul of the library to include hashing and checking passwords with not just scrypt, but also PBKDF2, bcrypt and Argon2. #8
• cryptonite is now used as a dependency, instead of the scrypt package. #8
• Done away with abbreviating "password" (Pass/pass -> Password/password) #8
• Removed unsafeShowPasswordText and changed unsafeShowPassword to be Password -> Text. (Anyone who needs it to be a String knows where to find Data.Text.unpack) #8
• GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)

1.0.0.0

• hashPassWithSalt has switched function arguments for better currying. #6 Although be warned that multiple passwords should not be hashed with the same salt.
• Removed Read instance from Pass and added Show instance. #6 See #5 for justification of this.
• newSalt is now MonadIO m instead of IO. #6
• PassCheckSucc has been renamed to PassCheckSuccess. #6
• Hide data constructor from Pass and add the mkPass function to construct a Pass. #6
• Thanks to Felix Paulusma (@Vlix) for the above changes!

0.1.0.1

• Small fix to make sure the doctests build with stack. #3

0.1.0.0

• Initial version.