[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please test: scrypt 1.2.1a



Hi Colin and all,
thanks for the new features, some are most welcome (-P and -M especially). I
tested only on macOS Sierra, no issues. 
I had to use this trick though to get the configure-script to recognize the
openssl headers installed by Homebrew:
https://github.com/Tarsnap/scrypt/issues/20 

That aside, all is well. I guess most users install scrypt on macOS per
Homebrew anyway. 

Thanks and take care,
Christoph


On Sat, Jan 28, 2017 at 02:48:36 -0800, Colin Percival wrote:
> [Trying this again with an inline GPG signature due to list issues...]
> 
> Hi scrypt users and tarsnap alphatesters,
> 
> I've just uploaded a tarball which may be (modulo version number update)
> release 1.2.1 of my scrypt file encryption utility.  When I announced
> scrypt 1.2.0a here 18 months ago it turned out that it was broken on pretty
> much every platform except FreeBSD, so I'm hoping you guys can test this and
> make sure I haven't repeated that.
> 
> I'm asking the tarsnap alphatest list to test scrypt too, because a lot of
> the changes in scrypt will be in the next tarsnap release -- so think of this
> as a head start on alphatesting the next version of tarsnap.  As always, bug
> reports will receive bug bounties; no need to wait for the bug to appear in a
> tarsnap release.
> 
> You can download the scrypt code at
>   http://www.tarsnap.com/scrypt/scrypt-1.2.1a.tgz
> and the tarball has SHA256 hash
>   f3094ecb54860b26108d0203e2dbb677c9fb60e96063be0a16d945f43c31a04c
> .  You can also see the tree from which I rolled this almost-release at
> https://github.com/Tarsnap/scrypt if you find it useful to crawl through
> VCS history.
> 
> Significant changes since 1.2.0:
> * A new -v option instructs scrypt to print the key derivation parameters
> it has selected.
> * A new --version option prints the version number of the scrypt utility.
> * A new -P option make scrypt read the passphrase from standard input; this
> is designed for scripts which pipe a passphrase in from elsewhere.
> * A new -f option makes 'scrypt dec' ignore the amount of memory or CPU time
> it thinks decrypting a file will take, and proceed anyway; this may be useful
> in cases where scrypt's estimation is wrong.
> * The '-M maxmem' option now accepts "humanized" inputs, e.g., "-M 1GB".
> 
> There are also a variety of less visible changes: Performance improvements
> in the SHA256 routines, minor bug and compiler warning fixes, the addition
> of a test suite, and some minor code reorganization.
> 
> Assuming nobody yells (or the yells are things I can fix quickly and easily)
> I'll roll the official scrypt 1.2.1 release a week from now.
> 
> -- 
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
> 
>