Argon2 & Scrypt hash support
TOTP support
PBKDF2 now has faster builtin backend, and utilizes other backends where available
Lots of API cleanups and internal refactoring
HtpasswdFile reader is now more flexible, and with improved security options.
Refreshed documentation
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
**1.6.5** (2015-08-04) ======================
Fixed some minor bugs in the test suite which were causing
erroneous test failures (:issue:`57` and :issue:`58`). The passlib
library itself is unchanged.
**1.6.4** (2015-07-25) ======================
This release rolls up assorted bug & compatibility fixes since
1.6.2.
Bugfixes --------
* Correctly detect bcrypt 2.0. Previous releases were incorrectly
detecting it as py-bcrypt,
causing spurious errors (:issue:`56`).
* CryptContext now accepts scheme names as unicode (:issue:`54`).
* :mod:`passlib.ext.django` now works correctly with Django
1.7-1.8. Previous
releases had various test failures (:issue:`52`).
* :class:`passlib.apache.HtpasswdFile` now recognizes bcrypt,
sha256_crypt, sha512_crypt
hashes (:issue:`55`).
BCrypt Changes --------------
A few changes have been made to the :class:`~passlib.hash.bcrypt`
hash:
* It now supports the ``$2b$`` hash format.
* It will now issue a :exc:`~passlib.exc.PasslibSecurityWarning`
if the active backend
is vulnerable to the :ref:`wraparound bug <bsd-wraparound-bug>`,
and automatically enable a workaround (py-bcrypt is known to
be vulnerable as of v0.4).
* It will throw a :exc:`~passlib.exc.PasslibSecurityError` if
the active backend
is vulnerable to the :ref:`8-bit bug <crypt-blowfish-bug>`
(none of Passlib's backends are known to be vulnerable as of
2015-07).
* Updated documentation to indicate the cffi-based `bcrypt
<https://pypi.python.org/pypi/bcrypt>`_
library is now the recommended bcrypt backend.
* Backend capability detection code refactored to rely on runtime
detection
rather than hardcoded information.
Other Changes -------------
* Source repo's ``tox.ini`` updated. Now assumes python3 by
default, and refactored test
environments to more cleanly delineate the different setups
being tested.
* Passlib releases are now published as wheels instead of eggs.
.. note::
Release **1.6.3** was skipped due to upload issues.
**1.6.2** (2013-12-26)
======================
Minor changes & compatibility fixes
* Re-tuned the :attr:`~passlib.ifc.PasswordHash.default_rounds`
values for all of the hashes.
* Added the new :doc:`bcrypt_sha256 <lib/passlib.hash.bcrypt_sha256>` hash,
which wraps BCrypt using SHA256 in order to work around
BCrypt's password size limitations (:issue:`43`).
* :doc:`passlib.hash.bcrypt <lib/passlib.hash.bcrypt>`:
Added support for the `bcrypt <https://pypi.python.org/pypi/bcrypt>`_
library as one of the possible bcrypt backends that will be
used if available. (:issue:`49`)
* :mod:`passlib.ext.django`: Passlib's Django extension
(and it's related hashes and unittests) have been updated to
handle some minor API changes in Django 1.5-1.6. They should
now be compatible with Django 1.2 and up. (:issue:`50`)
Passlib is a password hashing library for Python 2 & 3, which
provides cross-platform implementations of over 30 password hashing
algorithms, as well as a framework for managing existing password
hashes. It's designed to be useful for a wide range of tasks, from
verifying a hash found in /etc/shadow, to providing full-strength
password hashing for multi-user application.
