Release 2022.09.07

@ilius ilius released this 06 Sep 20:10
· 64 commits to master since this release
a039829

Changes since last release (2021.10.21)

Bug fixes and security improvements

  • Fix panic when pattern ends with a single backslash
  • Alteration: use the minimum entropy of alteration parts for overall pattern entropy
    • For example, repassgen -entropy '([a-z]{8}|[0-9]{8})' showed entropy 27 or 38 depending on which of the two patterns ([a-z]{8} or [0-9]{8}) was chosen. Now it always shows 27 as the entropy.
    • Why? Because the entropy shown is for the pattern, not the password, so it should always be the same. The weakest part of an alteration can make the pattern vulnerable if you don't pay enough attention to it.
    • It's generally not a good idea to combine parts with widely varying entropy in one alteration.
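The minimum-entropy rule described above, as an added example (not repassgen's own code): it assumes a reduced grammar of `[class]{n}` units inside an optional `(a|b)` alteration, and the names `PatternEntropy`, `classSize` and `unitRe` are hypothetical. The raw values 26.58 and 37.60 bits round to the 27 and 38 quoted above.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strconv"
	"strings"
)

// unitRe matches one "[class]{n}" unit, the only syntax this sketch supports (an assumption).
var unitRe = regexp.MustCompile(`\[([^\]]+)\]\{([1-9]\d{0,3})\}`)

// classSize counts the distinct characters in a class body such as "a-z0-9_".
func classSize(body string) int {
	r, seen := []rune(body), map[rune]bool{}
	for i := 0; i < len(r); i++ {
		lo, hi := r[i], r[i]
		if i+2 < len(r) && r[i+1] == '-' {
			hi, i = r[i+2], i+2 // range "lo-hi"; a reversed range adds nothing
		}
		for c := lo; c <= hi; c++ {
			seen[c] = true
		}
	}
	return len(seen)
}

// PatternEntropy returns the entropy (bits) of the weakest alteration part, failing closed on bad syntax.
func PatternEntropy(pattern string) (float64, error) {
	inner := strings.TrimSuffix(strings.TrimPrefix(pattern, "("), ")")
	lowest := math.Inf(1)
	for _, part := range strings.Split(inner, "|") {
		units, bits := unitRe.FindAllStringSubmatch(part, -1), 0.0
		for _, u := range units {
			n, _ := strconv.Atoi(u[2]) // cannot fail: unitRe allows 1-4 digits only
			bits += float64(n) * math.Log2(float64(classSize(u[1])))
		}
		if len(units) == 0 || unitRe.ReplaceAllString(part, "") != "" || math.IsInf(bits, -1) {
			return 0, fmt.Errorf("unsupported part %q", part)
		}
		lowest = math.Min(lowest, bits)
	}
	return lowest, nil
}

func main() {
	fmt.Println(PatternEntropy("([a-z]{8}|[0-9]{8})"))
}
```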

Breaking changes

  • Add $byte() and $BYTE() functions which return hex
  • Remove [:byte:] character class (which returned binary and was a problem in text context)
  • Change all encode functions to take hex-encoded input
    • $base64
    • $base64url
    • $base32
    • $BASE32
    • $base32std
    • $bip39encode

New features

  • Add $pyhex function (takes hex-encoded input like above)

Improvements and testing

  • Safe integer type casting, and change some integer types for safety and performance
  • Fix a few flaky tests, add new tests, improve coverage, better validation
  • Lots of refactoring

Changes in dependencies

  • Update and tidy dependencies
  • Remove github.com/spf13/cast from dependencies