Bcrypt.net Versions Save

What's Changed

• Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.8.0 by @dependabot-preview in https://github.com/BcryptNet/bcrypt.net/pull/77
• Bump Microsoft.NET.Test.Sdk from 16.8.0 to 16.8.3 by @dependabot-preview in https://github.com/BcryptNet/bcrypt.net/pull/80
• Update readme to reflect default hash factor by @KristofferK in https://github.com/BcryptNet/bcrypt.net/pull/86
• Bump Microsoft.NET.Test.Sdk from 16.8.3 to 16.9.1 by @dependabot-preview in https://github.com/BcryptNet/bcrypt.net/pull/87
• Bump Microsoft.NET.Test.Sdk from 16.9.1 to 16.9.4 by @dependabot-preview in https://github.com/BcryptNet/bcrypt.net/pull/95
• Upgrade to GitHub-native Dependabot by @dependabot-preview in https://github.com/BcryptNet/bcrypt.net/pull/96
• Bump BenchmarkDotNet from 0.12.1 to 0.13.0 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/97
• Bump Microsoft.NET.Test.Sdk from 16.9.4 to 16.10.0 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/98
• Bump Microsoft.NET.Test.Sdk from 16.10.0 to 16.11.0 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/101
• Bump BenchmarkDotNet from 0.13.0 to 0.13.1 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/100
• Bump Microsoft.NET.Test.Sdk from 16.11.0 to 17.0.0 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/102
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 by @dependabot in https://github.com/BcryptNet/bcrypt.net/pull/105

New Contributors

• @KristofferK made their first contribution in https://github.com/BcryptNet/bcrypt.net/pull/86
• @dependabot made their first contribution in https://github.com/BcryptNet/bcrypt.net/pull/97

Full Changelog: https://github.com/BcryptNet/bcrypt.net/compare/4.0.2...4.0.3

• Adds .net 5 target
• Sets using/dispose pattern on shaxxx usage in enhanced entropy version

v4.0.0 (breaking changes) - A bug in Enhanced Hashing was discovered that causes the hashes created to be inoperable between different languages. V4 provides the fix for this as well as adding test vectors from PHP and Python to ensure the issue remains fixed in the future. V4 also removes the legacy 384 option that came before Base64 was added.

v3.5.0 - A bug in Enhanced Hashing was discovered that causes the hashes created to be inoperable between different languages. As part of the fix 3.5 release contains the ability to Verify and HashPassword were given an additional v4CompatibleEnhancedEntropy parameter. This allows the user to verify their Enhanced hash as normal; then re-hash + store using V4. This functionality is purely to allow migration and is removed in V4.

Performance (heap reduction) and removal of regex

• Heap-usage reduction in netstandard 2+ by switching key calls to span and altering array use in encoding.
• Removes regex dependency and changes hash parser to custom parser
• Addition of benchmarking projects
• Adds dependency on System.Memory for netstandard2.0|net452|net462|net472

Big thanks to Jos Vandertil (@jvandertil) for the help.

Resolves https://github.com/BcryptNet/bcrypt.net/issues/25 Added serializable attribute to exception types

If you updated to 3.1.1 (now delisted), any credentials created using 3.1.1 will need resetting.

Test run
https://ci.appveyor.com/project/ChrisMcKee/bcrypt-net/build/tests

BROKEN DONT USE

• Adds HashType to EnhancedVerify and Verify.
• Reorganises main signature of ValidateAndReplacePassword to oldkey params / new key params and a simplified overload for basic replace (non enhanced).
• Adds tests.
• Stop EnhancedHashPassword being used with HashType.None

• Enhanced entropy defaults to SHA384 which is base64 encoded.
• You can change the hmac choice to (SHA256. SHA384, SHA512) which are all base64 encoded or Legacy384 which is SHA384 sans base64 encoding.
• HashString marked obsolete; time for it to go as its nothing but a pointer to hashpassword.