Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release version v0.11 #33

Closed
ctdean opened this issue Jan 16, 2018 · 10 comments
Closed

Release version v0.11 #33

ctdean opened this issue Jan 16, 2018 · 10 comments

Comments

@ctdean
Copy link

ctdean commented Jan 16, 2018

We've started to use caesium (which is great) and wanted to use some of the pwhash functions. What's the ETA on the next release?

Thanks!
@lvh
Copy link
Owner

lvh commented Jan 18, 2018

I hope to take a look tonight to see what needs to change before I can comfortably cut a release. I'm on a newish laptop here but I'm not expecting any difficulties with Clojars or anything.

@lvh
Copy link
Owner

lvh commented Jan 18, 2018

(Also, if you don't mind disclosing, I'd love to know who's using caesium and what for :))

@lvh
Copy link
Owner

lvh commented Jan 18, 2018

I can't get the tests to pass on this machine. Do the tests run in a checkout for you, and with which version of libsodium?

@lvh
Copy link
Owner

lvh commented Jan 18, 2018

Ugh. Looks like libsodium changed the default hashing algorithm between 1.0.14 and 1.0.15.

@lvh lvh mentioned this issue Jan 18, 2018
Closed
@lvh
Copy link
Owner

lvh commented Jan 18, 2018

There are a few other issues here that need to be resolved:

  • documentation for pwhash
  • support for 1.0.14 and 1.0.15 (Make tests work on both 1.0.14 and 1.0.15 #34)
  • pwhash operations can fail, but currently this code doesn't raise when it does. For example, when you run these tests on 1.0.14, you just get an all-zero buffer back:
FAIL in (pwhash-argon2id-alg-argon2id13-test) (pwhash_test.clj:143)

expected: "86b902e6577791ff5e1aaa73a57d21ee7a8822ed8e183940af4fa1ba6ab9803c"
  actual: "0000000000000000000000000000000000000000000000000000000000000000"

    diff: - "86b902e6577791ff5e1aaa73a57d21ee7a8822ed8e183940af4fa1ba6ab9803c"
          + "0000000000000000000000000000000000000000000000000000000000000000"

This appears to be because in between 1.0.15 and 1.0.14, libsodium increased the mandatory minimum operations limit (OPSLIMIT_MIN) for argon2id changed from 1 to 3.

At least we're in good company: joshjdevl/libsodium-jni#93

@lvh
Copy link
Owner

lvh commented Jan 18, 2018

(For context, if you look at the PR: I didn't write the pwhash functionality and haven't thoroughly tested it, which is why I haven't cut a release yet. Looks like that wasn't a bad call :))

This was referenced Jan 18, 2018
Closed
Closed
@ctdean
Copy link
Author

ctdean commented Jan 18, 2018

Thanks for all the work.

We're using caesium in our startup in SF. We've wanted to use sodium for a while, but our last gig was inside a US Bank and for complicated reasons we could get the library installed there.

@ctdean
Copy link
Author

ctdean commented Jan 18, 2018

Version wise, we're still running 1.0.13, but I assumed we would upgrade soon.

@lvh
Copy link
Owner

lvh commented Jan 18, 2018

@ctdean Does that mean that the tests fail for you?

@lvh
Copy link
Owner

lvh commented Sep 5, 2020

Closing because there are other tickets covering what needs to get done, and this has been open for a while :)

@lvh lvh closed this as completed Sep 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ctdean @lvh