- update annotations for allowed secret key types (#44, thanks @jyasskin!)
- allow buffer and other node-supported types as key (#33)
- be pickier about extra content after signed portion (#40)
- some internal code clarity/cleanup improvements (#26)
- switch to built-in
crypto.timingSafeEqual
for validation instead of previous double-hash method (thank you @jodevsa!)
Later release for older node.js versions. See the v1.0.x branch notes.
- use
npm test
instead ofmake test
to run tests - clearer assertion messages when checking input
- add license to package.json
- corrected avoidance of timing attacks (thanks @tenbits!)
- [incorrect] fix for timing attacks
- fix missing repository warning
- fix typo in test
- Revert "Changed underlying HMAC algo. to sha512."
- Revert "Fix for timing attacks on MAC verification."
- Initial release