Aiootp

Latest version: v0.23.15

0.10.1

Not secure
--------------------------


Major Changes
^^^^^^^^^^^^^

- Added ``Processes`` & ``Threads`` classes to ``asynchs.py`` which abstract
spawning & getting return values from async & sync functions intended to
be run in threads, processes or pools of the former types. This simplifies
& adds time control to usages of processes & threads throughout the
library.
- Reduced the effectiveness of timing analysis of the modular exponentiation
in the ``Opake`` class' verifiers by making the process return values
only after discrete intervals of time. Timing attacks on that part of the
protocol may still be viable, but should be significantly reduced.
- Bug fix in ``Comprende`` which should take care of warnings raised from
the ``aiocontext`` package when retrieving async generator values by
raising ``UserWarning`` within them.
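
A sketch of the interval-release idea from the ``Opake`` timing item above, as an added example that is not aiootp's own code. The names ``release_on_interval`` and ``timed_verifier``, the 20 ms interval, and the small constructed modulus are assumptions for illustration.

```python
import math
import time

# Constructed toy parameters; real verifiers use far larger groups.
PRIME = 2**127 - 1
GENERATOR = 3


def release_on_interval(func, *args, interval=0.02):
    """Run func, then hold the result until the next multiple of
    `interval` seconds since the call began, so a remote observer
    only sees coarse, bucketed response times."""
    start = time.monotonic()
    result = func(*args)
    elapsed = time.monotonic() - start
    # Whole intervals needed to cover the work, never fewer than one.
    slots = max(1, math.ceil(elapsed / interval))
    remaining = start + slots * interval - time.monotonic()
    if remaining > 0:
        time.sleep(remaining)
    return result


def timed_verifier(exponent, interval=0.02):
    """Return (value, observed_seconds) for one modular exponentiation."""
    start = time.monotonic()
    value = release_on_interval(
        pow, GENERATOR, exponent, PRIME, interval=interval
    )
    return value, time.monotonic() - start


if __name__ == "__main__":
    # Exponents with very different bit patterns land in the same bucket.
    for exponent in (1, 2**126 - 1):
        value, seconds = timed_verifier(exponent)
        print(f"{seconds:.3f}s")
```

Work that crosses an interval boundary still reveals which bucket it landed in, which is why the entry says timing attacks may remain viable.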


Minor Changes
^^^^^^^^^^^^^

- Heavy refactorings of the ``Opake`` class.
- Various refactorings & cleanups around the package.
- Further add ``return_exceptions=True`` flag to gather calls in ``ciphers.py``.
- Added ``is_registration`` & ``is_authentication`` which take a client
hello message that begins the ``Opake`` protocol, & return ``False`` if
the message is not a registration or authentication message,
respectively, & return ``"Maybe"`` otherwise, since these functions can't
determine without running the protocol whether or not the message is
valid.

0.10.0

Not secure
--------------------------


Major Changes
^^^^^^^^^^^^^

- Added a new oblivious, one-message, password authenticated key exchange
protocol class in ``aiootp.ciphers.Opake``. It is a first attempt at the
protocol, which works rather well, but may be changed or cleaned up in a
future update.
- Added the ``cryptography`` package as a dependency for elliptic curve
25519 diffie-hellman key exchange in the ``Opake`` protocol.
- Fix buggy data processing functions in ``generics.py`` module.
- Added ``silent`` flag to ``AsyncDatabase`` & ``Database`` methods, which
allows their instances to finish initializing even if a file is missing
from the filesystem, normally causing a ``FileNotFoundError``. This makes
trouble-shooting corrupted databases easier.
- Added new ``aiootp.paths.SecurePath`` function which returns the path to
a unique directory within the database's default directory. The name of
the returned directory is a cryptographic value used to create & open the
default database used by the ``Opake`` class to store the cryptographic
salt that secures the class' client passwords. It's highly recommended
to override this default database by instantiating the Opake class with
a custom user-defined key. The instance doesn't need to be saved, since
all the class' methods are either class or static methods. The ``__init__``
method only changes the class' default database to one opened with the
user-defined ``key`` &/or ``directory`` kwargs, & should really only be
done once at the beginning of an application.


Minor Changes
^^^^^^^^^^^^^

- Various refactorings & cleanups around the package.
- Added ``Comprende`` class feature to return the values from even the
generators within an instance's arguments. This change better returns
values to the caller from chains of ``Comprende`` generators.
- Fixed ``commons.BYTES_TABLE`` missing values.
- Added ``commons.DH_PRIME_4096_BIT_GROUP_16`` & ``commons.DH_GENERATOR_4096_BIT_GROUP_16``
constants for use in the ``Opake`` protocol's public key verifiers.
- Added other values to the ``commons.py`` module.
- Added new very large no-collision hash functions to the ``generics.py``
module used to xor with diffie-hellman public keys in the ``Opake`` class.
- Added new ``wait_on`` & ``await_on`` ``Comprende`` generators to ``generics.py``
which wait for a queue or container to be populated & yield it whenever
it isn't empty.

0.9.3

Not secure
-------------------------


Major Changes
^^^^^^^^^^^^^

- Speed & efficiency improvements in the ``Comprende`` class & ``azip``.


Minor Changes
^^^^^^^^^^^^^

- Various refactorings & code cleanups.
- Added ``apop`` & ``pop`` ``Comprende`` generators to the library.
- Switched the default character table in the ``ato_base``, ``to_base``,
``afrom_base``, & ``from_base`` chainable generator methods from the 62
character ``ASCII_ALPHANUMERIC`` table, to the 95 character ``ASCII_TABLE``.
- Made the digits generators in ``randoms.py`` automatically create a new
cryptographically secure key if a key isn't passed by a user.
- Some extra data processing functions added to ``generics.py``.

0.9.2

Not secure
-------------------------


Major Changes
^^^^^^^^^^^^^

- Added ``passcrypt`` & ``apasscrypt`` instance methods to ``OneTimePad``,
``Keys``, & ``AsyncKeys`` classes. They produce password hashes that are
not just secured by the salt & passcrypt algorithm settings, but also by
their main symmetric instance keys. This makes passwords infeasible to
crack without also compromising the instance's 512-bit key.


Minor Changes
^^^^^^^^^^^^^

- Further improvements to the random number generator in ``randoms.py``.
Made its internals less sequential thereby raising the bar of work needed
by an attacker to successfully carry out an order prediction attack.
- Added checks in the ``Passcrypt`` class to make sure both a salt &
password were passed into the algorithm.
- Switched ``PermissionError`` exceptions in ``Passcrypt._validate_args``
to ``ValueError`` to be more consistent with the rest of the class.
- Documentation updates / fixes.

0.9.1

Not secure
-------------------------


Minor Changes
^^^^^^^^^^^^^

- Now any falsey values for the ``salt`` keyword argument in the library's
``keys``, ``akeys``, ``bytes_keys``, ``abytes_keys``, ``subkeys``, &
``asubkeys`` infinite keystream generators, & other functions around the
library, will cause them to generate a new cryptographically secure
pseudo-random value for the salt. It formerly only did this when ``salt``
was ``None``.
- The ``seeder`` & ``aseeder`` generators have been updated to introduce
512 new bits of entropy from ``secrets.token_bytes`` on every iteration
to ensure that the CSPRNG will produce secure outputs even if its
internal state is somehow discovered. This also means that simply calling
the CSPRNG is enough; there's no longer a strong reason to pass new
entropy into it manually, except to add even more entropy as desired.
- Made ``size`` the last keyword argument in ``encrypt`` &
``aencrypt`` to better mirror the signatures for the rest of the library.
- Added ``token_bits`` & ``atoken_bits`` functions to ``randoms.py`` which
are renamings of ``secrets.randbits``.
- Refactored & improved the security of ``randoms.py``'s random number
generator.

0.9.0

Not secure
-------------------------


Major Changes
^^^^^^^^^^^^^

- Added hmac codes to ciphertext for the following functions: ``json_encrypt``,
``ajson_encrypt``, ``bytes_encrypt``, ``abytes_encrypt``,
``Database.encrypt`` & ``AsyncDatabase.aencrypt``. This change greatly
increases the security of ciphertext by ensuring it hasn't been modified
or tampered with maliciously. One-time pad ciphertext is malleable, so
without hmac validation it can be changed to successfully allow
decryption but return the wrong plaintext. These functions are the
highest level abstractions of the library for encryption/decryption,
which made them excellent targets for this important security update.
As well, it isn't easily possible for the library to provide hmac codes
for generators that produce ciphertext, because the end of a stream of
ciphertext isn't known until after the results have left the scope
of library code. So users will need to produce their own hmac codes for
generator ciphertext unless we find an elegant solution to this issue.
These functions now all return dictionaries with the associated hmac
stored in the ``"hmac"`` entry. The bytes functions formerly returned
lists, now their ciphertext is available from the ``"ciphertext"`` entry.
And, all database files will have an hmac attached to them now. These
changes were designed to still be compatible with old ciphertexts but
they'll likely be made incompatible by the v0.11.x major release.
- Only truthy values are now valid ``key`` keyword arguments in the
library's ``keys``, ``akeys``, ``bytes_keys``, ``abytes_keys``, ``subkeys``,
& ``asubkeys`` infinite keystream generators. Also now seeding extra entropy
into ``csprng`` & ``acsprng`` when ``salt`` is falsey within them.
- Only truthy values are now valid for ``password`` & ``salt`` arguments in
``apasscrypt``, ``passcrypt`` & their variants.
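
The malleability problem and the hmac check described in the first item above, as an added example that is not aiootp's code or API. The function names, the ``"salt"`` entry, the SHAKE-256 keystream and HMAC-SHA256 are stand-in assumptions; only the ``"ciphertext"`` & ``"hmac"`` entry names come from the changelog.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, salt: bytes, length: int) -> bytes:
    # Stand-in keystream (SHAKE-256), not aiootp's key derivation.
    return hashlib.shake_256(key + salt).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tag_for(mac_key: bytes, salt: bytes, ciphertext: bytes) -> str:
    return hmac.new(mac_key, salt + ciphertext, hashlib.sha256).hexdigest()


def encrypt(plaintext: bytes, enc_key: bytes, mac_key: bytes) -> dict:
    salt = secrets.token_bytes(32)
    ciphertext = xor(plaintext, keystream(enc_key, salt, len(plaintext)))
    return {"ciphertext": ciphertext, "salt": salt,
            "hmac": tag_for(mac_key, salt, ciphertext)}


def decrypt(message: dict, enc_key: bytes, mac_key: bytes,
            verify: bool = True) -> bytes:
    salt, ciphertext = message["salt"], message["ciphertext"]
    if verify:
        expected = tag_for(mac_key, salt, ciphertext)
        # Constant-time compare; reject before producing any plaintext.
        if not hmac.compare_digest(expected, message["hmac"]):
            raise ValueError("hmac mismatch: ciphertext was modified")
    return xor(ciphertext, keystream(enc_key, salt, len(ciphertext)))


def flip(message: dict, offset: int, old: bytes, new: bytes) -> dict:
    """Constructed tampering: XOR the difference old^new into place."""
    ct = bytearray(message["ciphertext"])
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return {**message, "ciphertext": bytes(ct)}
```

With ``verify=False`` a flipped message decrypts cleanly to the wrong plaintext; with the hmac check the same message is rejected.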


Minor Changes
^^^^^^^^^^^^^

- Updates to documentation & ``README.rst`` tutorials.
- The ``kb``, ``cpu``, & ``hardness`` arguments in ``sum_passcrypt`` &
``asum_passcrypt`` chainable generator methods were switched to keyword
only arguments.
