From: Steven Tobin Date: Wed, 13 Jul 2016 16:42:51 +0000 (+0100) Subject: Update README and setup for 1.7.0 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=b2831c0fdca5906074c36faeb2b93e8a518f44ea;p=redacted-XKCD-password-generator.git Update README and setup for 1.7.0 --- diff --git a/README.rst b/README.rst index 4d83166..20a5cbb 100644 --- a/README.rst +++ b/README.rst @@ -142,6 +142,17 @@ While `generate_xkcdpassword()` takes:: delimiter=" " +Insecure random number generators +================================= +`xkcdpass` uses crytographically strong random number generators where possible (provided by `random.SystemRandom()` on most modern operating systems). From version 1.7.0 falling back to an insecure RNG must be explicitly enabled, either by using a new command line variable before running the script:: + + xkcdpass --allow-weak-rng + +or setting the appropriate environment variable:: + + export XKCDPASS_ALLOW_WEAKRNG=1 + + Filtered word list =================== While we recommend the standard word list for most purposes, we note that this list is uncensored and, as such, generated passwords could offend. For this reason, `a filtered word list can be found in the github repo `_ (filtered by Twig Nyugen and included here with permission). @@ -151,6 +162,7 @@ An important caveat: due to the significant reduction in the size of the filtere Changelog ========= +- **1.7.0** require explicit permission to fall back to insecure PRNG - **1.6.4** fix broken link in README - **1.6.3** ensure deduplication of wordlist - **1.6.2** move contributors to stand-alone CONTRIBUTORS file diff --git a/setup.py b/setup.py index 89be320..93c7392 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ from setuptools import setup setup( name='xkcdpass', - version='1.6.4', + version='1.7.0', author='Steven Tobin', author_email='steventtobin@gmail.com', url='https://github.com/redacted/XKCD-password-generator',