Closed lmctv closed 7 years ago
Libsodium's change log talks about this but I can't find note on "released" anywhere. Should PyNaCl 1.2 wait for libsodium 1.0.13 to be released? If libsodium mainline already has a finished API then most work could be done while waiting.
(Personally I'm in no hurry to have only Argon2i, because my main project benefits only from resistance against GPUs/ASICs.)
Releases are cheap, but I'm fine either way. The only official blockers for a 1.2 release right now are https://github.com/pyca/pynacl/milestone/4 though :)
I'like to have both the dreaded from_seed
#317 , and, if you think it makes sense, the changed comparison for high level PrivateKey in #320 before cutting a release, just to close a couple more issues; if libsodium 1.0.13 doesn't come out soon enough, argon2id could become the main course in 1.3 , with ChaCha20Poly1305 offered as a dessert...
1.0.13 hasn't been released yet!
@jedisct1 thanks for your confirmation, I was beginning to fear some form of selective blindness was affecting all of us contributing and consuming pynacl, making all of us unable to find that new shiny version we read about in the changelog... Thank you once more, and keep up with your good work.
1.0.13 was released July 14 so we should update now
1.0.14 is out now.
@reaperhulk, @alex , I'd like to upgrade the bundled version directly to 1.0.14 and add support for argon2id before releasing 1.2.0, since I think support for direct selection of argon2i vs argon2id in crypto_pwhash_str_alg could be useful for downstream API consumers.
Pull request waiting for proper resolution of jedisct1/libsodium#600, which affects all SODIUM_INSTALL=system builds (see: https://travis-ci.org/lmctv/pynacl/jobs/271340570)
OK, upstream tarball is fixed; I think PR #343 is ready,
This would expose the
argon2id
partially data-dependent password hashing construct.