Skip to content

Releases: dchest/scrypt-async-js

v2.0.1 — Fix for Uint8Array longer than 64 bytes

08 Sep 21:44
Compare
Choose a tag to compare
  • Fixed throwing error when password input was Uint8Array longer than 64 bytes (string or Array inputs not affected). Thanks to @TotalTechGeek for finding and fixing the bug.
  • Removed bower packaging.

v2.0.0 — UTF-8 encoding fix

24 Jan 19:04
Compare
Choose a tag to compare

After a code re-review I discovered that the internal function that encodes strings to UTF-8 bytes didn't properly encode surrogate pairs, such as emoji, making it incompatible with other implementations that use proper UTF-8 encoding. The function has been fixed.

This change requires a semver-major version, since previously encoded strings that contained surrogate pairs would produce different derived keys than the fixed version. This doesn't apply if you supplied passwords or salts as Array or Uint8Array.

Note that the fixed implementation will raise exception if the source string has incorrect UTF-16 encoding (with incomplete surrogate pairs), since it can't be encoded in UTF-8.

PS This bug highlights the importance of having a single reliable and tested text encoder rather than putting custom encoders into every single package, and I regret including one in this package, especially since it already had a similar bug. The current, fixed implementation has been mostly copied from my highly tested implementation in StableLib. Now that modern browser have TextEncoder and Node.js has Buffer, there's no reason to include UTF-8 coders into every package.

v1.3.1

06 Mar 21:49
v1.3.1
Compare
Choose a tag to compare

Documentation fixes.

v1.3.0

06 Sep 12:21
v1.3.0
Compare
Choose a tag to compare
  • New modern API which accepts options object (see README for documentation). The old "legacy" way to call scrypt function is still available and while it's marked as deprecated in documentation, we don't plan to remove it anytime soon.
  • Added support for scrypt parallelization parameter p > 1 with modern API. It can be used to increase CPU cost without increasing memory usage. Like reference implementation, it currently doesn't use multiple cores and thus runs sequentially.
  • Encoding argument, in addition to previously supported "hex" and "base64", now recognizes "binary": in this case the callback receives Uint8Array (it is equivalent to not specifying encoding and then doing new Uint8Array(result)). As before, if no encoding is specified, the callback receives Array of bytes as a result.
  • Fixed a typo in error message.

v1.2.0

02 Oct 08:42
Compare
Choose a tag to compare

Use setImmediate instead of zero setTimeout when it's available to massively improve performance with small interruptStep. To benefit from this feature in most browsers, use a shim, such as https://github.com/YuzuJS/setImmediate.

v1.1.0

13 May 13:54
Compare
Choose a tag to compare
  • Made interruptStep argument optional (defaults to 1000).
  • If interruptStep is zero, scrypt won't split calculation with setTimeout, passing result to callback immediately after calculating it.

v1.0.2 — Important character encoding bug fix

04 May 14:06
Compare
Choose a tag to compare

Previous versions incorrectly converted 3-byte character strings (such as in Chinese) to UTF8. If you passed password or salt as a string, you are affected: for 3-byte characters, the scrypt function produced incorrect result. If you passed Array or Uint8Array, you are not affected, as no UTF8 conversion is done in this case.

This version fixes the bug.