Latest release

v1.0.0

@dchest dchest released this May 22, 2017 · 9 commits to master since this release

πŸ— πŸŽ‰ πŸ”

Changes since v1.0.0-rc.1

No code changes

Changes since v0.14.5:

  • IMPORTANT! In previous versions, nacl.secretbox.open, nacl.box.open, and nacl.box.after returned false when opening failed (for example, when using incorrect key, nonce, or when input was maliciously or accidentally modified after encryption). This version instead returns null.

    The usual way to check for this condition:

    if (!result) { ... }

    is correct and will continue to work.

    However, direct comparison with false:

    if (result == false) { ... }

    it will no longer work and will not detect failure. Please check your code for this condition.

    (nacl.sign.open always returned null, so it is not affected.)

  • Arguments type check now uses instanceof Uint8Array instead of Object.prototype.toString.

  • Removed deprecation checks for nacl.util (moved to a
    separate package in v0.14.0).

  • Removed deprecation checks for the old signature API (changed in v0.10.0).

  • Improved benchmarking.

Pre-release

v1.0.0-rc.1 (release candidate)

@dchest dchest released this Feb 22, 2017 · 15 commits to master since this release

  • IMPORTANT! In previous versions, nacl.secretbox.open, nacl.box.open, and nacl.box.after returned false when opening failed (for example, when using incorrect key, nonce, or when input was maliciously or accidentally modified after encryption). This version instead returns null.

    The usual way to check for this condition:

    if (!result) { ... }

    is correct and will continue to work.

    However, direct comparison with false:

    if (result == false) { ... }

    it will no longer work and will not detect failure. Please check your code for this condition.

    (nacl.sign.open always returned null, so it is not affected.)

  • Arguments type check now uses instanceof Uint8Array instead of Object.prototype.toString.

  • Removed deprecation checks for nacl.util (moved to a
    separate package in v0.14.0).

  • Removed deprecation checks for the old signature API (changed in v0.10.0).

  • Improved benchmarking.

v0.14.5

@dchest dchest released this Dec 13, 2016 · 30 commits to master since this release

  • Fixed incomplete return types in TypeScript typings.
  • Replaced COPYING.txt with LICENSE file, which now has public domain dedication
    text from The Unlicense. License fields in package.json and bower.json have
    been set to "Unlicense". The project was and will be in the public domain --
    this change just makes it easier for automated tools to know about this fact by
    using the widely recognized and SPDX-compatible template for public domain
    dedication.

v0.14.4

@dchest dchest released this Dec 2, 2016 · 36 commits to master since this release

  • Added TypeScript type definitions (contributed by @AndSDev).
  • Improved benchmarking code.

Good news, everyone!

@dchest dchest released this Mar 29, 2016 · 58 commits to master since this release

The bug in the fast version of Poly1305 has been fixed and this version is back into nacl-fast.js. Thanks to @floodyberry for promptly responding and fixing it:

"The issue was not properly detecting if st->h was >= 2^130 - 5, coupled with [testing mistake] not catching the failure. The chance of the bug affecting anything in the real world is essentially zero luckily, but it's good to have it fixed."

floodyberry/poly1305-donna#2 (comment)

Commit in TweetNaCl.js: 6dcbcaf
Commit in Poly1305-donna: floodyberry/poly1305-donna@0911057

Important bug fix in fast version

@dchest dchest released this Mar 28, 2016 · 61 commits to master since this release

This update switches Poly1305 fast version back to original (slow) version.

There was a bug in fast version of Poly1305 which sometimes produced incorrect results. Authenticity of results of the following functions may be affected: secretbox, secretbox.open, box, box.open.

Fast version is default if you used npm package (e.g. require("tweetnacl")).

TweetNaCl.js comes in two favors: nacl.js, which is almost the exact port of TweetNaCl, and nacl-fast.js, which includes faster versions ported from other implementations. The fast version of Poly1305 message authenticator comes from 16-bit version of floodyberry/poly1305-donna. The bug is present in this version and was ported to JavaScript.

Until we figure how to fix the bug, Poly1305 in nacl-fast.js was switched to original nacl.js.

v0.14.1

@dchest dchest released this Feb 25, 2016 · 68 commits to master since this release

No code changes, just tweaked packaging and added COPYING.txt.

v0.14.0

@dchest dchest released this Feb 20, 2016 · 70 commits to master since this release

  • Breaking change! All functions from nacl.util have been removed. These
    functions are no longer available:

    nacl.util.decodeUTF8
    nacl.util.encodeUTF8
    nacl.util.decodeBase64
    nacl.util.encodeBase64
    

    If want to continue using them, you can include
    https://github.com/dchest/tweetnacl-util-js package:

    <script src="nacl.min.js"></script>
    <script src="nacl-util.min.js"></script>
    

    or

    var nacl = require('tweetnacl');
    nacl.util = require('tweetnacl-util');
    

    However it is recommended to use better packages that have wider
    compatibility and better performance. Functions from nacl.util were never
    intended to be robust solution for string conversion and were included for
    convenience: cryptography library is not the right place for them.

    Currently calling these functions will throw error pointing to
    tweetnacl-util-js (in the next version this error message will be removed).

  • Improved detection of available random number generators, making it possible
    to use nacl.randomBytes and related functions in Web Workers without
    changes.

  • Changes to testing (see README).

v0.13.3

@dchest dchest released this Jan 6, 2016 · 91 commits to master since this release

No code changes.

  • Reverted license field in package.json to "Public domain".
  • Fixed typo in README.

v0.13.2

@dchest dchest released this Sep 17, 2015 · 97 commits to master since this release

  • Fixed undefined variable bug in fast version of Poly1305. No worries, this
    bug was never triggered.
  • Specified CC0 public domain dedication.
  • Updated development dependencies.