https://git.schokokeks.org/derivepassphrase.git/tree/689cf84c5396b0d92909c554d5c2a75453c55c24 Recent commits feed provided by GitList. They are constants, they are not priviledged information, and having to keep indirectly referring to them instead of directly is rather irritating. https://git.schokokeks.org/derivepassphrase.git/commit/689cf84c5396b0d92909c554d5c2a75453c55c24 software@the13thletter.info (Marco Ricci) Wed, 29 Jan 2025 15:28:07 +0100 689cf84c5396b0d92909c554d5c2a75453c55c24 Any method that accepts `bytes` and `bytearray` now also accepts arbitrary Buffer-type classes such as `memoryview` and `array.array`. The return values (mostly `bytes`, sometimes `bytearray`) remain unchanged. https://git.schokokeks.org/derivepassphrase.git/commit/7dc1d96b25a124f2f599e261c168928bc375a677 software@the13thletter.info (Marco Ricci) Wed, 29 Jan 2025 15:07:21 +0100 7dc1d96b25a124f2f599e261c168928bc375a677 * t/equivalent-hmac-keys: Document the vault "interchangable passphrases" artefact in the changelog Reformat "vault" tests Document the vault "interchangable passphrases" artefact as an FAQ Detect (and test for) pairs of interchangable vault passphrases Add hypothesis-based test for service name dependence of derived passphrases https://git.schokokeks.org/derivepassphrase.git/commit/4b53216d8b2115fb794a23a8b17d9c8a00af4ed2 software@the13thletter.info (Marco Ricci) Tue, 28 Jan 2025 14:30:28 +0100 4b53216d8b2115fb794a23a8b17d9c8a00af4ed2 * t/documentation-fixes: (24 commits) Move commands' `--help` tests out of transition group Make CLI testing helper functions, data and strategies public Add hypothesis-based service name type tests for the "vault" module Signal failed assumptions instead of passing tests in the "vault" module Document hypothesis examples for "vault" tests the proper way Rearrange hypothesis tests in the `vault` module Rearrange hypothesis tests in the `ssh_agent` module Add more hypothesis tests for the `ssh_agent` module Fix improper `re` escape pattern in `ssh_agent` tests Add hypothesis tests for the `exporter` module Add hypothesis tests for the `sequin` module Remove use of the monkeypatch test fixture in favor of the context manager Prefilter some hypothesis candidate lists before sampling Add a "flaky" hypothesis profile to find flaky tests Fix test output on PyPy 3.9 due to differing error message texts Move repetitive hypothesis strategy definition to separate functions Explicitly test JS truthiness of NaN Allow test key suitability check to be dependent on the connected agent Make multiple private test attributes and functions public Add hypothesis inventory to documentation ... https://git.schokokeks.org/derivepassphrase.git/commit/e0810c5d6b0cf4f2549c8354bfe020c35b211c41 software@the13thletter.info (Marco Ricci) Tue, 28 Jan 2025 14:30:21 +0100 e0810c5d6b0cf4f2549c8354bfe020c35b211c41 https://git.schokokeks.org/derivepassphrase.git/commit/57540d34c623df38829850936d85a6864618938a software@the13thletter.info (Marco Ricci) Tue, 28 Jan 2025 14:09:47 +0100 57540d34c623df38829850936d85a6864618938a These tests aren't specific to the v1.0 transition, and if we still want to keep them in some way or another, they should probably outlast v1.0. https://git.schokokeks.org/derivepassphrase.git/commit/5ff8445cd241e69f31093a7848b305f902e2739f software@the13thletter.info (Marco Ricci) Tue, 28 Jan 2025 11:03:57 +0100 5ff8445cd241e69f31093a7848b305f902e2739f Make these helpers public in the sense that they get picked up by the API documentation generator. https://git.schokokeks.org/derivepassphrase.git/commit/f3dd59c5f9cb04aad5a979485deea2b2ec30d1fa software@the13thletter.info (Marco Ricci) Tue, 28 Jan 2025 00:15:01 +0100 f3dd59c5f9cb04aad5a979485deea2b2ec30d1fa Reformat the "vault" tests. This includes retiring the `Vault` type alias and using the proper Google-style `vault.Vault` instead, because the API documentation does not correctly resolve this type alias otherwise. https://git.schokokeks.org/derivepassphrase.git/commit/6a7423c92f8bda8e46e632f282bce18d4be673d7 software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 19:46:57 +0100 6a7423c92f8bda8e46e632f282bce18d4be673d7 https://git.schokokeks.org/derivepassphrase.git/commit/431cc9945c8a8fc58a2042ceeb20f253028b383c software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 19:39:03 +0100 431cc9945c8a8fc58a2042ceeb20f253028b383c The "vault" derivation scheme internally uses PBKDF2-HMAC-SHA1 to generate a pool of random bits from which the derived passphrase is constructed. Here, the master passphrase is passed directly to HMAC-SHA1 as the key; see [RFC 2898][]. By construction, HMAC-SHA1 requires keys to be exactly 64 bytes long (the internal block size of SHA1), so keys larger or smaller than 64 bytes are mapped to equivalent 64-byte keys. This keyspace reduction means that master passphrases under vault are not unique, and since the mapping is simple enough, "master passphrase collisions" have actually been observed during hypothesis testing. Therefore, we implement a new interface to query whether two master passphrases are interchangable under vault. We also test expected interchangability and non-interchangability of master passphrases explicitly with hypothesis-based tests, both for mixed passphrase categories (larger than, smaller than, or exactly 64 bytes) and for each category separately. [RFC 2898]: https://datatracker.ietf.org/doc/html/rfc2898 "See Section 5.2 and Appendix B.1.1." https://git.schokokeks.org/derivepassphrase.git/commit/470f33abffac488a3c54aeda7c0ca2761404e51e software@the13thletter.info (Marco Ricci) Mon, 27 Jan 2025 15:36:38 +0100 470f33abffac488a3c54aeda7c0ca2761404e51e