Skip to content

Version 4.1.0
Compare
Choose a tag to compare
@paragonie-scott paragonie-scott released this 05 Jan 22:49
· 331 commits to master since this release
v4.1.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
b060e00

Added support for libsodium 1.0.15, which was previously broken in 4.0.x.

Passwords should be autoamtically migrated, but if keys were being generated via
KeyFactory::derive______Key() (fill in the blank), you'll need to change your
usage of this API to get the same key as previously. Namely, you'll need to pass
the SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13 constant to the fourth argument after the
password, salt, and security level.

        $key = KeyFactory::deriveEncryptionKey(
            new HiddenString('correct horse barry staple'),
-             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+             KeyFactory::INTERACTIVE,
+             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
        );

If you previously specified a security level, your diff might look like this:

        $key = KeyFactory::deriveEncryptionKey(
            new HiddenString('correct horse barry staple'),
            "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
-             KeyFactory::SENSITIVE
+             KeyFactory::SENSITIVE,
+             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
        );
Assets 2
Loading