Pwdsphinx

Latest version: v2.0.3


Page 2 of 8

2.0.0rc5

This release fixes a security weakness: authentication now requires signatures over the original request in addition to the nonce. (thx mossmann)

And this release introduces a `healthcheck` operation, which must be initialized by running "sphinx init" or manually creating a record:


```
echo -n "all ok?" | env/bin/sphinx create healthcheck "sphinx servers" "everything works fine"
```


the `sphinx healthcheck` op only runs until the ratelimit challenge is returned by the server, which is a light way to check if all servers are responsive. a full `get` operation is more heavy (it can ramp up your ratelimit difficulty quickly) but also more complete. (thx endre for the idea)

2.0.0rc4

This rc fixes upgrading of v1 TOTP secrets to v2, and the sphinx-x11 `otp` verb, which no longer depends on oathtool.

2.0.0rc3

i'm too stupid for git.

2.0.0rc2

this release brings

- a fix for otp:// records
- a new config var `ltsigkey_path` pointing at a pubkey, or alternatively `ltsigkey` containing the same pubkey as a base64-encoded value.
- made the deletion of v1 records a bit more robust
- documented the webauthn_data_dir config variable
- updated unittests

2.0.0rc1

this is the first release candidate for v2.0 of pwdsphinx.

since the last beta a bunch of backward compatibility features have been added, so you can upgrade your v1 server to a v2 server and use a v2 client with them, while still having access to the passwords created with v1.

do a backup, start dogfooding and reporting any remaining issues before we go v2.0.

1.99.3beta

This release **depends on liboprf v0.6.0**; it brings

- bugfixes for the unittests that were randomly failing if the underlying CPUs were busy, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092041
- oracle now uses `select()` to fix kids sometimes not being rejoined in time.
- fixed all kinds of contrib scripts for the case where a password starts with a dash (thx jonathan)
- updated manpages and example config
- opaque-store integration
- webauthn integration in the webextensions (thx asciimoo!)
- adapted to liboprf v0.6.0
- added final argon2i hardening hashing step to the output of the oprf - which was there with libsphinx, but not with liboprf (thx stsch9)
- changed size of rwd from 32 bytes to 64 bytes
- disabled non-deterministic test_get_inv_mpwd
