Releases: dchest/scrypt-async-js
v2.0.1 — Fix for Uint8Array longer than 64 bytes
- Fixed throwing error when password input was
Uint8Array
longer than 64 bytes (string
orArray
inputs not affected). Thanks to @TotalTechGeek for finding and fixing the bug. - Removed bower packaging.
v2.0.0 — UTF-8 encoding fix
After a code re-review I discovered that the internal function that encodes strings to UTF-8 bytes didn't properly encode surrogate pairs, such as emoji, making it incompatible with other implementations that use proper UTF-8 encoding. The function has been fixed.
This change requires a semver-major version, since previously encoded strings that contained surrogate pairs would produce different derived keys than the fixed version. This doesn't apply if you supplied passwords or salts as Array
or Uint8Array
.
Note that the fixed implementation will raise exception if the source string has incorrect UTF-16 encoding (with incomplete surrogate pairs), since it can't be encoded in UTF-8.
PS This bug highlights the importance of having a single reliable and tested text encoder rather than putting custom encoders into every single package, and I regret including one in this package, especially since it already had a similar bug. The current, fixed implementation has been mostly copied from my highly tested implementation in StableLib. Now that modern browser have TextEncoder and Node.js has Buffer, there's no reason to include UTF-8 coders into every package.
v1.3.1
v1.3.0
- New modern API which accepts options object (see README for documentation). The old "legacy" way to call
scrypt
function is still available and while it's marked as deprecated in documentation, we don't plan to remove it anytime soon. - Added support for scrypt parallelization parameter
p
> 1 with modern API. It can be used to increase CPU cost without increasing memory usage. Like reference implementation, it currently doesn't use multiple cores and thus runs sequentially. - Encoding argument, in addition to previously supported
"hex"
and"base64"
, now recognizes"binary"
: in this case the callback receivesUint8Array
(it is equivalent to not specifying encoding and then doingnew Uint8Array(result)
). As before, if no encoding is specified, the callback receivesArray
of bytes as a result. - Fixed a typo in error message.
v1.2.0
Use setImmediate
instead of zero setTimeout
when it's available to massively improve performance with small interruptStep
. To benefit from this feature in most browsers, use a shim, such as https://github.com/YuzuJS/setImmediate.
v1.1.0
v1.0.2 — Important character encoding bug fix
Previous versions incorrectly converted 3-byte character strings (such as in Chinese) to UTF8. If you passed password or salt as a string
, you are affected: for 3-byte characters, the scrypt
function produced incorrect result. If you passed Array
or Uint8Array
, you are not affected, as no UTF8 conversion is done in this case.
This version fixes the bug.