v0.7.0

• Add tird.1 (manpage)
• Minor UI and docs updates
• Add manpage option to Makefile to generate tird.1 from MANPAGE.md using pandoc

v0.6.0

• Update LOGO
• Add MANPAGE.md
• Rename some input options
• Update description

v0.5.0

• Sanitize comments: prevent UnicodeDecodeError in some cases.
• Update blake2b personalization values.

v0.4.0

• New cryptoblob structure:

                     512B          0+B
                 +----------+---------------+
                 | comments | file contents |
                 +----------+---------------+
  16B     0+B    |        plaintext         | 64B     0+B     16B
+------+---------+--------------------------+-----+---------+------+
| salt | padding |        ciphertext        | MAC | padding | salt |
+------+---------+--------------------------+-----+---------+------+
|  urandom data  |      random-looking data       |  urandom data  |
+----------------+--------------------------------+----------------+

• Use new cipher: ChaCha20-IETF instead of SHAKE256-based cipher.
• Add new dependencies: pynacl (provides Argon2) and pycryptodomex (provides ChaCha20).
• Use a new KDF: Argon2 instead of scrypt and catpig.
• Rename: mode to action, hide to embed, unhide to extract.
• Compare MAC tags in costant time using hmac.compare_digest().
• Do not encrypt MAC tags.
• Forbid unknown CLI options.
• Do not convert specified file paths (input, output, keyfiles) to realpath before opening fd.
• Update logo.
• Other minor improvements.

v0.3.0

• Add SECURITY.md.
• Add -d/--debug option.
• Add type hints to Python code.
• Update color scheme for Linux terminal emulators.
• Improve handling of possible I/O errors.
• Remove personalization for keyed BLAKE2b (MAC).
• Remove personalization for BLAKE2b in modes 4, 5.
• Run garbage collection when keys are no longer needed (use del and gc.collect()).
• Add authentication tag by default.
• Change randomized padding scheme.
• Rename metadata to comments and make its size non-customizable (always 512 bytes).
• Set new scrypt parameters: n=2**20, r=8, p=1.
• Add salt when hashing keyfiles and passphrases using BLAKE2b.
• Set new salt sizes for KDF functions: 16 bytes.
• Add catpig v0.3.0 memory-hard password-hashing function before scrypt KDF.
• Show padding positions in modes 2, 6.
• Cipher simplification. Removing rounds, reducing block size to 64K. Now the ciphertext is obtained by XORing plaintext with the output of SHAKE256. This also results in easier handling of keyfiles.
• Remove custom options: Debug, Number of rounds, Keystream block size, Randomized padding order, Derived key length, Metadata size.
• Add new cusom options: Catpig KDF space, Catpig KDF passes.

v0.2.1

Fix error: prevent accepting a passphrase that not confirmed

v0.2.0

• Improve documentation.
• Metadata default size set to 512.
• Limit max metadata size; set MAX_METADATA_SIZE=16K.
• One KDF salt size set to 32.
• Changed metadata processing scheme. Metadata is now padded with random bytes instead of spaces.
• Approach to authenticated encryption changed to EtM.
• Improved debug messages.
• Improved dialogs and menu.
• Added BLAKE2b personalization.
• Added colors to terminal output (at least on Linux).
• Added randomized padding up to 20% of the message size by default.
• Added handling of possible I/O errors.
• Mode 9: Removed the ability to overwrite with identical bytes.
• Other minor improvements.

v0.1.0

The main functionality has been implemented.