·
56 commits
to master
since this release
Changes since last release (2021.10.21)
Bug fixes and security improvements
- Fix panic when pattern ends with a single backslash
- Alteration: use the minimum entropy of alteration parts for overall pattern entropy
- For example
repassgen -entropy '([a-z]{8}|[0-9]{8})'showed entropy 27 or 38 depending on which of two patterns ([a-z]{8}or[0-9]{8}) were chosen. Now it always shows 27 as entropy. - Why? Because shown entropy is for the pattern, not the password, so it should be always the same. The weakest part of alteration can make the pattern vulnerable if you don't pay enough attention to it.
- It's generally not a good idea to have largely-varied-entropy patterns as part of alteration.
- For example
Breaking changes
- Add
$byte()and$BYTE()functions which return hex - Remove
[:byte:]character class (which returned binary and was a problem in text context) - Change all encode functions to take hex-encoded input
$base64$base64url$base32$BASE32$base32std$bip39encode
New features
- Add
$pyhexfunction (takes hex-encoded input like above)
Improvements and testing
- Safe integer type casting, and change some integer types for safety and performance
- Fix a few flaky tests, add new tests, improve coverage, better validation
- Lots of refactoring
Changes in dependencies
- Update and tidy dependencies
- Remove
github.com/spf13/castfrom dependencies