botan.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Add new PBKDF interface that takes a std::chrono::milliseconds and	lloyd	2012-05-31	2	-19/+64
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	runs the KDF until at least that much time has passed, then returns the number of interations used. New parameter to the PKCS8 encryption routines which tells how long to run the PBKDF. Defaults to 200 milliseconds, which is short enough that it is unlikely to bother anyone but long enough to provide quite reasonable security against cracking attacks. On a Core i7-860, 200 ms with PBKDF2/SHA-1 runs about 180K to 220K iterations (compare with previous default of 10K). New PBE interface, remove new_params/set_key and require all inputs including the passphrase to be passed to the constructor. Drop the PGP S2K as it is pretty weird and not really useful outside of a full PGP implementation. Drop the deprecated PKCS8::encrypt_key and PKCS8::encode functions.
*	Fairly huge update that replaces the old secmem types with std::vector	lloyd	2012-05-18	1	-4/+4
\| \| \| \| \| \|	using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
*	propagate from branch 'net.randombit.botan' (head ↵	lloyd	2010-10-13	1	-1/+1
\|\ \| \| \| \| \| \| \| \| \| \|	2898d79f992f27a328a3e41d34b46eb1052da0de) to branch 'net.randombit.botan.c++0x' (head 6cba76268fd69a73195760c021b7f881b8a6552c)
\| *	Use std::to_string	lloyd	2010-09-03	1	-1/+1
\| \|
* \|	Use output_length() instead of OUTPUT_LENGTH pseudo-property	lloyd	2010-10-13	1	-2/+2
\| \|
* \|	s/u32bit/size_t/ in pbkdf	lloyd	2010-10-12	2	-10/+10
\| \|
* \|	Use size_t for BufferedComputation::add_data	lloyd	2010-10-12	1	-1/+1
\| \|
* \|	Remove more implicit vector to pointer conversions	lloyd	2010-09-14	1	-3/+4
\| \|
* \|	Anywhere where we use MemoryRegion::begin to get access to the raw pointer	lloyd	2010-09-13	1	-1/+1
\|/ \| \| \| \|	representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
*	Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,	lloyd	2010-08-21	1	-5/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	so for compatability with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL
*	Fix Doxygen comment in PBKDF2 constructor	lloyd	2010-08-13	1	-2/+2
\|
*	Rename S2K to PBKDF, because that is by far the most common name - S2K	lloyd	2010-07-09	3	-0/+120
	really is only used by OpenPGP, and largely it was named S2K here because the OpenPGP S2K was implemented years before the ones in PKCS #5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that calls get_pbkdf for source compatability. There doesn't seem to be any reason to have a forward for the renamed s2k.h header - to actually use a PBKDF, you'd have to either include lookup.h and call get_s2k / get_pbkdf, or else include an algorithm-specific header and use it directly. In either case, including s2k.h is neither necessary nor sufficient.