Crypt-HSXKPasswd-v3.6

@bbusschots bbusschots released this Aug 11, 2015 · 1 commit to master since this release

Fixed bugs affecting Perl versions greater than 5.20.

Downloads

Crypt-HSXKPasswd-v3.5

@bbusschots bbusschots released this Aug 10, 2015 · 6 commits to master since this release

The first stable release of the re-named module.

No changes since beta 4.

Downloads

Crypt-HSXKPasswd-v3.4.1 BETA 4

@bbusschots bbusschots released this Jul 19, 2015 · 9 commits to master since this release

Shortened some existing command line options:

  • --dictionary-package is now --dict-pkg
  • --rng-package is now --rng-pkg

Added the --dict-file option to allow a dictionary file be specified for use as the word source.

Updated the -d option so it is now an alias for --dict-file.

Added --dict-pkg-args and --rng-pkg-args options to allow arguments be passed to the constructors for the packages specified via --dict-pkg and --rng-pkg. Both options expect a JSON string representing an array.

Re-factored the hsxkpasswdrc file format to support dictionary files and package options.

Updated the documentation to reflect these changes.

Downloads

Crypt-HSXKPasswd-v3.3.1 BETA 3

@bbusschots bbusschots released this Jul 12, 2015 · 12 commits to master since this release

This is the third, and hopefully final, BETA release of the re-named Crypt::HSXKPasswd (was XKPasswd.pm)

This release contains just one bug fix:
1. There was a subtle error in how the entropy was calculated for the worst-case scenario (where attackers know both the configuration and word source used). Unfortunately the bug caused the module to overestimate the entropy. Because if this, some presets had to be altered after the bug was fixed to keep them below the entropy warning thresholds. This proved impossible for the WEB16 preset, so it has now issues a warning in the same way the NTLM preset does.

This release contains a number of enhancements to the core module:
1. Control over entropy warnings has been greatly improved. Previously warnings were controlled by specifying which warnings to suppress, this is inverse to how most humans think, and hence very confusing. The logic has now been reversed, and the module config variable re-named to reflect the new logic.
2. The ALTERNATE case transform now randomises the case of the first word, and then alternates from there. This adds a little more entropy, and makes more sense than having it always be the same IMO.

This release contains significant updates to the hsxkpasswd terminal command:
1. Support for hsxkpasswdrc files has been added. These config files allow users of the terminal command store custom presets, and set other default values. the --rcfile option can be used to specify the path to a specific rc file, but by default ~/.hsxkpasswdrc is used. The --test-rcfile option can be used to help debug rc files.
2. The -w and -warn options were added to allow control of the entropy warnings when using the terminal command

There are no more outstanding features targeted for the first stable release of the renamed module.

Downloads

Crypt-HSXKPasswd-v3.2.1 BETA 2

@bbusschots bbusschots released this Jun 7, 2015

The second BETA release of the re-named Crypt::HSXKPasswd (was XKPasswd.pm).

This release contains some bug fixes, as well as some feature changes:

  1. all data validation now done using a custom Type::Library type library of Type::Tiny types. With the help of @NosillaCast, many of the error messages have also been re-worded to be more human-friendly.
  2. a new helper class has been created to remove all circular dependencies - they were not breaking the code, but they were making my IDE cranky, and they just didn't smell right.
  3. a command-line interface (hsxkpasswd) has been added
  4. the test suite has been greatly improved, which should make it easier to spot bugs before code releases going forward
  5. the documentation got quite a bit of TLC

Apart from fixing any bugs this beta release highlights, all the remains to be done for the first stable release is to go through the documentation with a fine-tooth-comb to remove complex sentences, and to unify phraseology so there is better consistency.

Downloads

Crypt-HSXKPasswd-v3.1.1 BETA 1

@bbusschots bbusschots released this May 19, 2015 · 24 commits to CPAN-Prep since this release

The first beta release of the re-designed and re-named module. With this release the Perl module has been re-named from simply XKPasswd, to the properly name-spaced Crypt::HSXKPasswd.

The reason for the change of name from XKPasswd to HSXKPasswd is to better reflect the fact that this module combines ideas from both the famous XKCD password comic, and Steve Gibson's Password Haystacks. The old name implied the module only implemented traditional XKCD-style passwords, which under-sells the module's capabilities.

This version has been packaged for future distribution on CPAN, and contains many new features, most notably:

  • Both the functional interface (hsxkpasswd()) and the constructor have been changed to using named parameters to make it easier to instantiate objects with more customisations.
  • The config can now be passed as a JSON string (the format produced in the Save/Load tab on the www.xkpasswd.net website), making it easy to tweak your config in the web GUI, then use it in your scripts.
  • The module is now fully unicode aware, so it can finally handle accented letters, and hence, languages other than English!
  • The module now ships with English, German, French, Spanish, Italian and Portuguese dictionaries built in.
  • The dictionary interface has been completely re-designed, allowing for more flexible word sources in the future - simply extend Crypt::HSXKPasswd::Dictionary and implement the function word_list().
  • Random number generation (RNG) has been completely re-designed, and there is now built-in support for better sources of randomness than rand(), including support for /dev/urandom, Math::Random::Secure, and Data::Entropy::Algorythms. By default, the best RNG available on the system will be used, and a warning will be issued if the module has to fall back to using rand().
  • Custom RNGs can now be created by extending Crypt::HSXKPasswd::RNG and implementing the function random_numbers()

Installation instructions can be found in the INSTALL file, and detailed documentation in the README file, both included in the release.

Downloads

Version 2.1.1

@bbusschots bbusschots released this Nov 9, 2014 · 62 commits to master since this release

The first non-beta release. Mostly the same as the previous beta, but with a few bugs fixed, and a few small additions. The additions were added to address shortcomings that came to light during the recent re-development of www.xkpasswd.net.

Downloads

Version 2.1.1-beta2

@bbusschots bbusschots released this Aug 13, 2014 · 78 commits to master since this release

A very minor change since the first beta, just some bug fixes to the validation code.

This version is fully functional, and appears stable, but there may still be some bugs that need to be knocked out.

Downloads

Version 2.1.1-beta1

@bbusschots bbusschots released this Aug 3, 2014 · 80 commits to master since this release

The first public release of version two of the XKPasswd module.

This version is fully functional, and appears stable, but there may still be some bugs that need to be knocked out.

Downloads