From 77a105b26b2a50defbf45740e0d96e9320d794fe Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Mon, 29 Aug 2022 16:35:00 -0600 Subject: [PATCH 1/2] pbkdf2: remove default `simple` feature I suspect that most users of this crate care about the low-level `pbkdf2` API as opposed to the higher-level password hashing API which implements the PHC string format. The `simple` API pulls in quite a few dependencies (to the point I'm encountering dependency conflicts). --- Cargo.lock | 4 ++-- bcrypt-pbkdf/Cargo.toml | 4 ++-- pbkdf2/Cargo.toml | 3 +-- scrypt/Cargo.toml | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cf690bea..e42c7367 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -40,7 +40,7 @@ checksum = "ea2b2456fd614d856680dcd9fcc660a51a820fa09daef2e49772b56a193c8474" [[package]] name = "bcrypt-pbkdf" -version = "0.9.0" +version = "0.10.0-pre" dependencies = [ "blowfish", "hex-literal", @@ -288,7 +288,7 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.11.0" +version = "0.12.0-pre" dependencies = [ "digest", "hex-literal", diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index d8e42cde..62109f7c 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "bcrypt-pbkdf" -version = "0.9.0" # Also update html_root_url in lib.rs when bumping this +version = "0.10.0-pre" # Also update html_root_url in lib.rs when bumping this description = "bcrypt-pbkdf password-based key derivation function" authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" @@ -14,7 +14,7 @@ rust-version = "1.57" [dependencies] blowfish = { version = "0.9.1", features = ["bcrypt"] } -pbkdf2 = { version = "0.11", default-features = false, path = "../pbkdf2" } +pbkdf2 = { version = "=0.12.0-pre", default-features = false, path = "../pbkdf2" } sha2 = { version = "0.10.2", default-features = false } zeroize = { version = "1", default-features = false, optional = true } diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index 740c80e5..3227659f 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "pbkdf2" -version = "0.11.0" +version = "0.12.0-pre" authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" description = "Generic implementation of PBKDF2" @@ -30,7 +30,6 @@ sha2 = "0.10" streebog = "0.10" [features] -default = ["simple"] parallel = ["rayon", "std"] simple = ["hmac", "password-hash", "sha2"] std = ["password-hash/std"] diff --git a/scrypt/Cargo.toml b/scrypt/Cargo.toml index 3908ad26..51f87ca5 100644 --- a/scrypt/Cargo.toml +++ b/scrypt/Cargo.toml @@ -14,7 +14,7 @@ rust-version = "1.57" [dependencies] hmac = "0.12.1" -pbkdf2 = { version = "0.11", default-features = false, path = "../pbkdf2" } +pbkdf2 = { version = "=0.12.0-pre", default-features = false, path = "../pbkdf2" } salsa20 = { version = "0.10.2", default-features = false } sha2 = { version = "0.10", default-features = false } From 9f5556480337d3027aed4690d7a76cad82144cda Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 30 Aug 2022 09:24:27 -0600 Subject: [PATCH 2/2] pbkdf2: update CHANGELOG.md --- pbkdf2/CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pbkdf2/CHANGELOG.md b/pbkdf2/CHANGELOG.md index 88e32e01..b18dba7d 100644 --- a/pbkdf2/CHANGELOG.md +++ b/pbkdf2/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased +### Changed +- `simple` feature is no longer enabled by default ([#336]) + +[#336]: https://github.com/RustCrypto/password-hashes/pull/336 + ## 0.11.0 (2022-03-28) ### Changed - Bump `password-hash` dependency to v0.4; MSRV 1.57 ([#283])