All Versions
28
Latest Version
Avg Release Cycle
156 days
Latest Release
3395 days ago

Changelog History
Page 2

  • v2.1.0.beta1 Changes

    * Modified RSA.generate() to ensure that e is coprime to p-1 and q-1.
      Apparently, RSA.generate was capable of generating unusable keys.
    
  • v2.1.0.b1

    November 02, 2009
  • v2.1.0.alpha2 Changes

    * Modified isPrime() to release the global interpreter lock while
      performing computations. (patch from Lorenz Quack)
    
    * Release the GIL while encrypting, decrypting, and hashing (but not
      during initialization or finalization).
    
    * API changes:
    
      - Removed RandomPoolCompat and made Crypto.Util.randpool.RandomPool
        a wrapper around Crypto.Random that emits a DeprecationWarning.
        This is to discourage developers from attempting to provide
        backwards compatibility for systems where there are NO strong
        entropy sources available.
    
      - Added Crypto.Random.get_random_bytes().  This should allow people
        to use something like this if they want backwards-compatibility:
    
            try:
                 from Crypto.Random import get_random_bytes
            except ImportError:
                 try:
                     from os import urandom as get_random_bytes
                 except ImportError:
                     get_random_bytes = open("/dev/urandom", "rb").read
    
      - Implemented __ne__() on pubkey, which fixes the following broken
        behaviour:
            >>> pk.publickey() == pk.publickey()
            True
            >>> pk.publickey() != pk.publickey()
            True
        (patch from Lorenz Quack)
    
      - Block ciphers created with MODE_CTR can now operate on strings of
        any size, rather than just multiples of the underlying cipher's
        block size.
    
      - Crypto.Util.Counter objects now raise OverflowError when they wrap
        around to zero.  You can override this new behaviour by passing
        allow_wraparound=True to Counter.new()
    
  • v2.1.0.alpha1 Changes

    * This version supports Python versions 2.1 through 2.6.
    
    * Clarified copyright status of much of the existing code by tracking
      down Andrew M. Kuchling, Barry A. Warsaw, Jeethu Rao, Joris Bontje,
      Mark Moraes, Paul Swartz, Robey Pointer, and Wim Lewis and getting
      their permission to clarify the license/public-domain status of their
      contributions.  Many thanks to all involved!
    
    * Replaced the test suite with a new, comprehensive package
      (Crypto.SelfTest) that includes documentation about where its test
      vectors came from, or how they were derived.
    
      Use "python setup.py test" to run the tests after building.
    
    * API changes:
    
      - Added Crypto.version_info, which from now on will contain version
        information in a format similar to Python's sys.version_info.
    
      - Added a new random numbers API (Crypto.Random), and deprecated the
        old one (Crypto.Util.randpool.RandomPool), which was misused more
        often than not.
    
        The new API is used by invoking Crypto.Random.new() and then just
        reading from the file-like object that is returned.
    
        CAVEAT: To maintain the security of the PRNG, you must call
        Crypto.Random.atfork() in both the parent and the child processes
        whenever you use os.fork().  Otherwise, the parent and child will
        share copies of the same entropy pool, causing them to return the
        same results!  This is a limitation of Python, which does not
        provide readily-accessible hooks to os.fork().  It's also a
        limitation caused by the failure of operating systems to provide
        sufficiently fast, trustworthy sources of cryptographically-strong
        random numbers.
    
      - Crypto.PublicKey now raises ValueError/TypeError/RuntimeError
        instead of the various custom "error" exceptions
    
      - Removed the IDEA and RC5 modules due to software patents.  Debian
        has been doing this for a while
    
      - Added Crypto.Random.random, a strong version of the standard Python
       'random' module.
    
      - Added Crypto.Util.Counter, providing fast counter implementations
        for use with CTR-mode ciphers.
    
    * Bug fixes:
    
      - Fixed padding bug in SHA256; this resulted in bad digests whenever
        (the number of bytes hashed) mod 64 == 55.
    
      - Fixed a 32-bit limitation on the length of messages the SHA256 module
        could hash.
    
      - AllOrNothing: Fixed padding bug in digest()
    
      - Fixed a bad behaviour of the XOR cipher module: It would silently
        truncate all keys to 32 bytes.  Now it raises ValueError when the
        key is too long.
    
      - DSA: Added code to enforce FIPS 186-2 requirements on the size of
        the prime p
    
      - Fixed the winrandom module, which had been omitted from the build
        process, causing security problems for programs that misuse RandomPool.
    
      - Fixed infinite loop when attempting to generate RSA keys with an
        odd number of bits in the modulus.  (Not that you should do that.)
    
    * Clarified the documentation for Crypto.Util.number.getRandomNumber.
    
      Confusingly, this function does NOT return N random bits; It returns
      a random N-bit number, i.e. a random number between 2**(N-1) and (2**N)-1.
    
      Note that getRandomNumber is for internal use only and may be
      renamed or removed in future releases.
    
    * Replaced RIPEMD.c with a new implementation (RIPEMD160.c) to
      alleviate copyright concerns.
    
    * Replaced the DES/DES3 modules with ones based on libtomcrypt-1.16 to
      alleviate copyright concerns.
    
    * Replaced Blowfish.c with a new implementation to alleviate copyright
      concerns.
    
    * Added a string-XOR implementation written in C (Crypto.Util.strxor)
      and used it to speed up Crypto.Hash.HMAC
    
    * Converted documentation to reStructured Text.
    
    * Added epydoc configuration Doc/epydoc-config
    
    * setup.py now emits a warning when building without GMP.
    
    * Added pct-speedtest.py to the source tree for doing performance
      testing on the new code.
    
    * Cleaned up the code in several places.
    
  • v2.1.0beta1 Changes

    * Modified RSA.generate() to ensure that e is coprime to p-1 and q-1.
      Apparently, RSA.generate was capable of generating unusable keys.
    
  • v2.1.0alpha2 Changes

    * Modified isPrime() to release the global interpreter lock while
      performing computations. (patch from Lorenz Quack)
    
    * Release the GIL while encrypting, decrypting, and hashing (but not
      during initialization or finalization).
    
    * API changes:
    
      - Removed RandomPoolCompat and made Crypto.Util.randpool.RandomPool
        a wrapper around Crypto.Random that emits a DeprecationWarning.
        This is to discourage developers from attempting to provide
        backwards compatibility for systems where there are NO strong
        entropy sources available.
    
      - Added Crypto.Random.get_random_bytes().  This should allow people
        to use something like this if they want backwards-compatibility:
    
            try:
                 from Crypto.Random import get_random_bytes
            except ImportError:
                 try:
                     from os import urandom as get_random_bytes
                 except ImportError:
                     get_random_bytes = open("/dev/urandom", "rb").read
    
      - Implemented __ne__() on pubkey, which fixes the following broken
        behaviour:
            >>> pk.publickey() == pk.publickey()
            True
            >>> pk.publickey() != pk.publickey()
            True
        (patch from Lorenz Quack)
    
      - Block ciphers created with MODE_CTR can now operate on strings of
        any size, rather than just multiples of the underlying cipher's
        block size.
    
      - Crypto.Util.Counter objects now raise OverflowError when they wrap
        around to zero.  You can override this new behaviour by passing
        allow_wraparound=True to Counter.new()
    
  • v2.1.0alpha1 Changes

    * This version supports Python versions 2.1 through 2.6.
    
    * Clarified copyright status of much of the existing code by tracking
      down Andrew M. Kuchling, Barry A. Warsaw, Jeethu Rao, Joris Bontje,
      Mark Moraes, Paul Swartz, Robey Pointer, and Wim Lewis and getting
      their permission to clarify the license/public-domain status of their
      contributions.  Many thanks to all involved!
    
    * Replaced the test suite with a new, comprehensive package
      (Crypto.SelfTest) that includes documentation about where its test
      vectors came from, or how they were derived.
    
      Use "python setup.py test" to run the tests after building.
    
    * API changes:
    
      - Added Crypto.version_info, which from now on will contain version
        information in a format similar to Python's sys.version_info.
    
      - Added a new random numbers API (Crypto.Random), and deprecated the
        old one (Crypto.Util.randpool.RandomPool), which was misused more
        often than not.
    
        The new API is used by invoking Crypto.Random.new() and then just
        reading from the file-like object that is returned.
    
        CAVEAT: To maintain the security of the PRNG, you must call
        Crypto.Random.atfork() in both the parent and the child processes
        whenever you use os.fork().  Otherwise, the parent and child will
        share copies of the same entropy pool, causing them to return the
        same results!  This is a limitation of Python, which does not
        provide readily-accessible hooks to os.fork().  It's also a
        limitation caused by the failure of operating systems to provide
        sufficiently fast, trustworthy sources of cryptographically-strong
        random numbers.
    
      - Crypto.PublicKey now raises ValueError/TypeError/RuntimeError
        instead of the various custom "error" exceptions
    
      - Removed the IDEA and RC5 modules due to software patents.  Debian
        has been doing this for a while
    
      - Added Crypto.Random.random, a strong version of the standard Python
       'random' module.
    
      - Added Crypto.Util.Counter, providing fast counter implementations
        for use with CTR-mode ciphers.
    
    * Bug fixes:
    
      - Fixed padding bug in SHA256; this resulted in bad digests whenever
        (the number of bytes hashed) mod 64 == 55.
    
      - Fixed a 32-bit limitation on the length of messages the SHA256 module
        could hash.
    
      - AllOrNothing: Fixed padding bug in digest()
    
      - Fixed a bad behaviour of the XOR cipher module: It would silently
        truncate all keys to 32 bytes.  Now it raises ValueError when the
        key is too long.
    
      - DSA: Added code to enforce FIPS 186-2 requirements on the size of
        the prime p
    
      - Fixed the winrandom module, which had been omitted from the build
        process, causing security problems for programs that misuse RandomPool.
    
      - Fixed infinite loop when attempting to generate RSA keys with an
        odd number of bits in the modulus.  (Not that you should do that.)
    
    * Clarified the documentation for Crypto.Util.number.getRandomNumber.
    
      Confusingly, this function does NOT return N random bits; It returns
      a random N-bit number, i.e. a random number between 2**(N-1) and (2**N)-1.
    
      Note that getRandomNumber is for internal use only and may be
      renamed or removed in future releases.
    
    * Replaced RIPEMD.c with a new implementation (RIPEMD160.c) to
      alleviate copyright concerns.
    
    * Replaced the DES/DES3 modules with ones based on libtomcrypt-1.16 to
      alleviate copyright concerns.
    
    * Replaced Blowfish.c with a new implementation to alleviate copyright
      concerns.
    
    * Added a string-XOR implementation written in C (Crypto.Util.strxor)
      and used it to speed up Crypto.Hash.HMAC
    
    * Converted documentation to reStructured Text.
    
    * Added epydoc configuration Doc/epydoc-config
    
    * setup.py now emits a warning when building without GMP.
    
    * Added pct-speedtest.py to the source tree for doing performance
      testing on the new code.
    
    * Cleaned up the code in several places.
    
  • v2.0.1 Changes

    * Fix SHA256 and RIPEMD on AMD64 platform.
        * Deleted Demo/ directory.
    * Add PublicKey to Crypto.__all__
    

    2.0

    * Added SHA256 module contributed by Jeethu Rao, with test data
      from Taylor Boon.
    
    * Fixed AES.c compilation problems with Borland C.  
      (Contributed by Jeethu Rao.)
    
    * Fix ZeroDivisionErrors on Windows, caused by the system clock
      not having enough resolution.
    
        * Fix 2.1/2.2-incompatible use of (key not in dict),
      pointed out by Ian Bicking.
    
    * Fix FutureWarning in Crypto.Util.randpool, noted by James P Rutledge.
    

    1.9alpha6

    * Util.number.getPrime() would inadvertently round off the bit
      size; if you asked for a 129-bit prime or 135-bit prime, you
      got a 128-bit prime.
    
    * Added Util/test/prime_speed.py to measure the speed of prime
      generation, and PublicKey/test/rsa_speed.py to measure
      the speed of RSA operations.
    
    * Merged the _rsa.c and _dsa.c files into a single accelerator
      module, _fastmath.c.  
    
    * Speed improvements: Added fast isPrime() function to _fastmath,
      cutting the time to generate a 1024-bit prime by a factor of 10.
      Optimized the C version of RSA decryption to use a longer series
      of operations that's roughly 3x faster than a single
      exponentiation.  (Contributed by Joris Bontje.)
    
    * Added support to RSA key objects for blinding and unblinding 
      data. (Contributed by Joris Bontje.)
    
    * Simplified RSA key generation: hard-wired the encryption
      exponent to 65537 instead of generating a random prime;
      generate prime factors in a loop until the product 
      is large enough.
    
    * Renamed cansign(), canencrypt(), hasprivate(), to 
      can_sign, can_encrypt, has_private.  If people shriek about
      this change very loudly, I'll add aliases for the old method
      names that log a warning and call the new method.
    

    1.9alpha5

        * Many randpool changes.  RandomPool now has a
          randomize(N:int) method that can be called to get N
          bytes of entropy for the pool (N defaults to 0,
          which 'fills up' the pool's entropy) KeyboardRandom
          overloads this method.
    
        * Added src/winrand.c for Crypto.Util.winrandom and
          now use winrandom for _randomize if possible.
          (Calls Windows CryptoAPI CryptGenRandom)
    
        * Several additional places for stirring the pool,
          capturing inter-event entropy when reading/writing,
          stirring before and after saves.
    
        * RandomPool.add_event now returns the number of
          estimated bits of added entropy, rather than the
          pool entropy itself (since the pool entropy is
          capped at the number of bits in the pool)
    
        * Moved termios code from KeyboardRandomPool into a
          KeyboardEntry class, provided a version for Windows
          using msvcrt.
    
        * Fix randpool.py crash on machines with poor timer resolution.
          (Reported by Mark Moraes and others.)
    
        * If the GNU GMP library is available, two C extensions will be 
          compiled to speed up RSA and DSA operations.  (Contributed by 
          Paul Swartz.)
    
        * DES3 with a 24-byte key was broken; now fixed.  
      (Patch by Philippe Frycia.)
    

    1.9alpha4

        * Fix compilation problem on Windows.
    
        * HMAC.py fixed to work with pre-2.2 Pythons
    
        * setup.py now dies if built with Python 1.x
    

    1.9alpha3

        * Fix a ref-counting bug that caused core dumps.  
          (Reported by Piers Lauder and an anonymous SF poster.)
    

    1.9alpha2

        * (Backwards incompatible) The old Crypto.Hash.HMAC module is
          gone, replaced by a copy of hmac.py from Python 2.2's standard
          library.  It will display a warning on interpreter versions
          older than 2.2.
    
        * (Backwards incompatible) Restored the Crypto.Protocol package,
          and modernized and tidied up the two modules in it,
          AllOrNothing.py and Chaffing.py, renaming various methods
          and changing the interface.
    
        * (Backwards incompatible) Changed the function names in
          Crypto.Util.RFC1751.
    
        * Restored the Crypto.PublicKey package at user request.  I
          think I'll leave it in the package and warn about it in the
          documentation.  I hope that eventually I can point to
          someone else's better public-key code, and at that point I
          may insert warnings and begin the process of deprecating
          this code.
    
        * Fix use of a Python 2.2 C function, replacing it with a 
          2.1-compatible equivalent.  (Bug report and patch by Andrew
          Eland.)  
    
        * Fix endianness bugs that caused test case failures on Sparc,
          PPC, and doubtless other platforms.
    
        * Fixed compilation problem on FreeBSD and MacOS X.
    
        * Expanded the test suite (requires Sancho, from 
          http://www.mems-exchange.org/software/sancho/)
    
        * Added lots of docstrings, so 'pydoc Crypto' now produces 
          helpful output.  (Open question: maybe *all* of the documentation
          should be moved into docstrings?)
    
        * Make test.py automatically add the build/* directory to sys.path.
    
        * Removed 'inline' declaration from C functions.  Some compilers
          don't support it, and Python's pyconfig.h no longer tells you whether
          it's supported or not.  After this change, some ciphers got slower,
          but others got faster.
    
        * The C-level API has been changed to reduce the amount of
          memory-to-memory copying.   This makes the code neater, but 
          had ambiguous performance effects; again, some ciphers got slower
          and others became faster.  Probably this is due to my compiler
          optimizing slightly worse or better as a result.
    
        * Moved C source implementations into src/ from block/, hash/, 
          and stream/.  Having Hash/ and hash/ directories causes problems
          on case-insensitive filesystems such as Mac OS.
    
        * Cleaned up the C code for the extensions.
    

    1.9alpha1

        * Added Crypto.Cipher.AES.
    
        * Added the CTR mode and the variable-sized CFB mode from the
          NIST standard on feedback modes. 
    
        * Removed Diamond, HAVAL, MD5, Sapphire, SHA, and Skipjack.  MD5
          and SHA are included with Python; the others are all of marginal
          usefulness in the real world.
    
        * Renamed the module-level constants ECB, CFB, &c., to MODE_ECB,
          MODE_CFB, as part of making the block encryption modules 
          compliant with PEP 272.  (I'm not sure about this change;
          if enough users complain about it, I might back it out.)
    
        * Made the hashing modules compliant with PEP 247 (not backward
          compatible -- the major changes are that the constructor is now 
          MD2.new and not MD2.MD2, and the size of the digest is now 
          given as 'digest_size', not 'digestsize'.
    
        * The Crypto.PublicKey package is no longer installed; the
          interfaces are all wrong, and I have no idea what the right
          interfaces should be.  
    

    1.1alpha2

        * Most importantly, the distribution has been broken into two
    

    parts: exportable, and export-controlled. The exportable part contains all the hashing algorithms, signature-only public key algorithms, chaffing & winnowing, random number generation, various ๐Ÿ“š utility modules, and the documentation.

        The export-controlled part contains public-key encryption
    

    algorithms such as RSA and ElGamal, and bulk encryption algorithms like DES, IDEA, or Skipjack. Getting this code still requires that you go through an access control CGI script, and denies you access if you're outside the US or Canada.

        * Added the RIPEMD hashing algorithm.  (Contributed by
    

    Hirendra Hindocha.)

        * Implemented the recently declassified Skipjack block
    

    encryption algorithm. My implementation runs at 864 K/sec on a ๐Ÿ‘ PII/266, which isn't particularly fast, but you're probably better off using another algorithm anyway. :)

        * A simple XOR cipher has been added, mostly for use by the
    

    chaffing/winnowing code. (Contributed by Barry Warsaw.)

        * Added Protocol.Chaffing and Hash.HMAC.py.  (Contributed by
    

    Barry Warsaw.)

        Protocol.Chaffing implements chaffing and winnowing, recently
    

    proposed by R. Rivest, which hides a message (the wheat) by adding many noise messages to it (the chaff). The chaff can be discarded by the receiver through a message authentication code. The neat thing about this is that it allows secret communication without actually having an encryption algorithm, and therefore this falls within the exportable subset.

        * Tidied up randpool.py, and removed its use of a block
    

    cipher; this makes it work with only the export-controlled subset available.

        * Various renamings and reorganizations, mostly internal.
    
  • v1.9.alpha6 Changes

    * Util.number.getPrime() would inadvertently round off the bit
      size; if you asked for a 129-bit prime or 135-bit prime, you
      got a 128-bit prime.
    
    * Added Util/test/prime_speed.py to measure the speed of prime
      generation, and PublicKey/test/rsa_speed.py to measure
      the speed of RSA operations.
    
    * Merged the _rsa.c and _dsa.c files into a single accelerator
      module, _fastmath.c.  
    
    * Speed improvements: Added fast isPrime() function to _fastmath,
      cutting the time to generate a 1024-bit prime by a factor of 10.
      Optimized the C version of RSA decryption to use a longer series
      of operations that's roughly 3x faster than a single
      exponentiation.  (Contributed by Joris Bontje.)
    
    * Added support to RSA key objects for blinding and unblinding 
      data. (Contributed by Joris Bontje.)
    
    * Simplified RSA key generation: hard-wired the encryption
      exponent to 65537 instead of generating a random prime;
      generate prime factors in a loop until the product 
      is large enough.
    
    * Renamed cansign(), canencrypt(), hasprivate(), to 
      can_sign, can_encrypt, has_private.  If people shriek about
      this change very loudly, I'll add aliases for the old method
      names that log a warning and call the new method.
    
  • v1.9.alpha5 Changes

        * Many randpool changes.  RandomPool now has a
          randomize(N:int) method that can be called to get N
          bytes of entropy for the pool (N defaults to 0,
          which 'fills up' the pool's entropy) KeyboardRandom
          overloads this method.
    
        * Added src/winrand.c for Crypto.Util.winrandom and
          now use winrandom for _randomize if possible.
          (Calls Windows CryptoAPI CryptGenRandom)
    
        * Several additional places for stirring the pool,
          capturing inter-event entropy when reading/writing,
          stirring before and after saves.
    
        * RandomPool.add_event now returns the number of
          estimated bits of added entropy, rather than the
          pool entropy itself (since the pool entropy is
          capped at the number of bits in the pool)
    
        * Moved termios code from KeyboardRandomPool into a
          KeyboardEntry class, provided a version for Windows
          using msvcrt.
    
        * Fix randpool.py crash on machines with poor timer resolution.
          (Reported by Mark Moraes and others.)
    
        * If the GNU GMP library is available, two C extensions will be 
          compiled to speed up RSA and DSA operations.  (Contributed by 
          Paul Swartz.)
    
        * DES3 with a 24-byte key was broken; now fixed.  
      (Patch by Philippe Frycia.)