version 0.007; 2010-07-30

• bugfix: in A::P::SaltedDigest, use "[0-9a-zA-Z_]" instead of "\w" in regexps where only ASCII characters are desired
• bugfix: in A::P::BlowfishCrypt, require bugfixed version of Crypt::Eksblowfish (for memory leak fix)
• bugfix: in A::P::SaltedDigest, require bugfixed version of Module::Runtime (for ASCII restriction of module name syntax)
• in A::P::EggdropBlowfish, use Crypt::Eksblowfish::Uklblowfish instead of Crypt::Blowfish to remove limitation on passphrase length
• abandon use of the "fields" module
• use simpler "parent" pragma in place of "base"
• in documentation, use the term "truth value" instead of the less precise "boolean"
• in A::P documentation, add MooseX::Types::Authen::Passphrase to "see also" list
• check for required Perl version at runtime
• use full stricture in test suite
• in Build.PL, explicitly declare configure-time requirements
• remove bogus "exit 0" from Build.PL
• add MYMETA.yml to .cvsignore

version 0.006; 2009-03-07

• bugfix: in A::P::SaltedDigest, use "[0-9]" instead of "\d" in regexps where only ASCII digits are desired
• bugfix: require bugfixed versions of Authen::DecHpwd, Crypt::Eksblowfish::Bcrypt, and Crypt::UnixCrypt_XS (for UTF8 scalar handling)
• bugfix: require bugfixed version of Authen::DecHpwd (for not crashing)
• bugfix: require bugfixed version of Module::Runtime (for $SIG{__DIE__} handling)
• avoid "\x{}" in regexp character classes, for compatibility with perl v5.6
• in documentation for A::P::SaltedDigest, briefly discuss the new generation of hash algorithms
• test POD syntax and coverage, and rename some internal functions to satisfy the coverage test
• drop prototypes from method subs (where the prototypes have no effect)
• in tests, avoid unreliable "\S" regexp element
• build with Module::Build instead of ExtUtils::MakeMaker
• complete dependency list
• more precise Crypt::Eksblowfish::Bcrypt dependency instead of Crypt::Eksblowfish dependency
• include signature in distribution
• in documentation, separate "license" section from "copyright" section

version 0.005; 2007-01-21

• avoid "my __PACKAGE__", for compatibility with perl v5.6
• point to Crypt::SaltedHash from documentation for A::P::SaltedDigest
• remove bogus link to Crypt::Passwd from documentation for A::P::SaltedDigest
• grammar fix in documentation for A::P::LANManager
• punctuation fix in documentation for A::P::Crypt16

version 0.004; 2006-09-01

• implement Eggdrop blowfish.mod algorithm in Authen::Passphrase::EggdropBlowfish based on the Crypt::Blowfish module; initially limited to passphrases up to 56 bytes
• in A::P::VMSPurdy, change ->hash_hex method to output in uppercase, as used in crypt strings
• in A::P::VMSPurdy, add a "salt_hex =>" constructor parameter and a ->salt_hex method, handling salt in the hexadecimal format used in crypt strings
• in documentation for A::P::DESCrypt, move the security warning to apply to both the traditional and extended schemes
• in documentation for A::P::MySQL323, be more explicit about storage format
• documentation markup fix in A::P::BlowfishCrypt

version 0.003; 2006-08-31

• implement VMS Purdy polynomial algorithm family (crypt identifiers $VMS1$, $VMS2$, and $VMS3$) in Authen::Passphrase::VMSPurdy based on the Authen::DecHpwd module
• implement phpass algorithm (crypt identifier $P$) in Authen::Passphrase::PHPass
• implement MySQL v3.23 algorithm in Authen::Passphrase::MySQL323 based on the Crypt::MySQL module
• implement MySQL v4.1 algorithm in Authen::Passphrase::MySQL41
• in from_crypt, when handling known but unimplemented schemes, say so instead of not recognising the scheme identifier
• move from_crypt and from_rfc2307 parsing code from Authen::Passphrase into scheme-specific modules
• put all data stored in objects into canonical form, to avoid propagating dualvars or other oddities
• document {CRYPT16}, ambiguously used by Exim
• make {CRYPT} documentation more explicit
• fix a bogus reference to DES in the documentation of A::P::BlowfishCrypt

version 0.002; 2006-08-12

• implement LAN Manager hash scheme (RFC 2307 identifiers {LANMAN} and {LANM}) in Authen::Passphrase::LANManager, along with separable halves (crypt identifier $LM$) in Authen::Passphrase::LANManagerHalf
• implement Netscape Mail Server's MD5-based scheme (RFC 2307 identifier {NS-MTA-MD5}) in Authen::Passphrase::NetscapeMail
• implement crypt16 from Ultrix in Authen::Passphrase::Crypt16
• implement bigcrypt from Digital Unix in Authen::Passphrase::BigCrypt
• implement RFC 2307 scheme identifier {MD4} (plain MD4)
• implement RFC 2307 scheme identifier {RMD160} (plain RIPEMD-160)
• implement RFC 2307 scheme identifier {MSNT} (NT-Hash)
• implement crypt scheme identifier $NT$ (NT-Hash with a different textual format from $3$)
• implement RFC 2307 scheme identifier {WM-CRY} (synonym for {CRYPT})
• add a "passphrase =>" constructor parameter to A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new, A::P::NTHash->new, and A::P::SaltedDigest->new (such a parameter also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new, A::P::LANManager->new, A::P::LANManagerHalf->new, and A::P::NetscapeMail->new)
• add a "salt_random =>" constructor parameter to A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new, and A::P::SaltedDigest->new (such a parameter also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new and A::P::NetscapeMail->new)
• in A::P::SaltedDigest, accept bare package names and related forms, and references to blessed objects, as algorithm identifiers
• in the from_crypt and from_rfc2307 constructors, reject strings containing spaces or control characters
• in Authen::Passphrase::MD5Crypt, refuse to put a space character into a crypt string
• in Authen::Passphrase::Clear, refuse to put spaces or control characters into an RFC 2307 string
• in Authen::Passphrase::MD5Crypt, check that the salt string contains only bytes
• prohibit the base class from_crypt and from_rfc2307 constructors being called on subclasses
• in testing Authen::Passphrase::NTHash, check case handling
• rewrite the from_crypt constructor to use scheme identifiers as such, the way from_rfc2307 already does
• in documentation for the from_crypt constructor, list all known scheme identifiers
• in documentation for the from_rfc2307 constructor, list known pseudo-schemes (where instead of a passphrase hash there is a reference to some other authentication mechanism)
• discuss resistance to brute force attacks in documentation
• more realistic example salts in the synopsis of A::P::MD5Crypt and A::P::SaltedDigest

version 0.001; 2006-08-06

• implement Blowfish-based crypt() scheme (crypt identifiers $2$ and $2a$) in Authen::Passphrase::BlowfishCrypt, based on the new Crypt::Eksblowfish::Bcrypt module
• include MIME::Base64 in dependency list in Makefile.PL
• versioned dependencies
• add test t/intdescrypt.t for the full DESCrypt interface
• test full SaltedDigest interface in t/smd5.t and t/ssha.t
• test full NTHash interface in t/nthash.t
• use "=> 0" instead of "=> undef" in unversioned dependencies in Makefile.PL
• in the Authen::Passphrase constructors, note the effects of the runtime loading of specific recogniser class modules
• comment on the origins of the MD5-based and Blowfish-based crypt() schemes
• corrected copyright year in README

version 0.000; 2006-05-23

• initial released version