1 2User-Visible Changes in python-spake2 3 4* Release 0.8 (14-Feb-2018) 5 6API BREAK (but not a compatibility break) 7 8Applications using this release will start up faster. The library includes 9multiple groups (with different message sizes, performance, and security 10levels), and each group uses a different blinding factor. These factors take 11a relatively long time to compute. The previous release did this computation 12for all groups, even ones that the application never imported. This release 13changes the import API to avoid the unnecessary calculations, which saves 14about 400ms at import time on my 2016-era laptop (and several seconds on a 15Raspberry Pi). 16 17Applications must use different "import" statements when upgrading to this 18release ("from spake2.parameters.ed25519 import ParamsEd25519" instead of 19"from spake2 import ParamsEd25519"). However this release retains message 20compatibility with spake2-0.7: apps using 0.8 can interoperate with apps 21using 0.7 without problems. 22 23 24* Release 0.7 (12-May-2016) 25 26COMPATIBILITY BREAK 27 28This release changes the way passwords are turned into scalars, and the way 29the final transcript hash is formatted. Hopefully this will be compatible 30with the proposed SJCL (Javascript) implementation described in the comments 31of https://github.com/bitwiseshiftleft/sjcl/pull/273 . Applications which use 32python-spake2-0.3 or earlier will not interoperate with those which use 0.7 33or later: the session keys will never match. 34 35pypy3 support has been dropped, until pypy3 handles python3.3 or later (it 36currently implements the equivalent of python3.2). 37 38python-spake2 now depends on the "hkdf" package. Tox and py.test are now used 39for running tests. setup.py has been switched from distutils to setuptools. 40 41 42* Release 0.3 (22-Sep-2015) 43 44Use the faster "M=N" blinding factors for SPAKE2_Symmetric, instead of 45running two sessions in parallel and combining the results. This gets the 46same speed and message size as the asymmetric (SPAKE2_A/SPAKE2_B) approach, 47and is probably safe (see README for the security proofs). 48 49 50* Release 0.2 (08-Apr-2015) 51 52Use Ed25519 group/parameters by default (improves speed, security, and 53message size). Note that both sides must use the same parameter set for 54compatibility. 55 56 57* Release 0.1 (13-Feb-2015) 58 59Initial release. Includes SPAKE2_A/SPAKE2_B, and SPAKE2_Symmetric. Provides 60three integer-group parameter sets (Params1024, Params2048, Params3072). 61