Long time, no release! I'm kicking off working on oath-toolkit with this release to fix some minor issues. Now is a good time to ping me about anything I have neglected to do wrt oath-toolkit.
** liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512. This adds new APIs oath_totp_generate2, oath_totp_validate4 and oath_totp_validate4_callback. ** oathtool: The --totp parameter now take an optional argument to specify MAC. For example use --totp=sha256 to use HMAC-SHA256. When --totp is used the default HMAC-SHA1 is used, as before. ** pam_oath: Mention in README that you shouldn't use insecure keys. Suggested by Robin. ** pam_oath: Check return value from strdup. Patch by Eero Häkkinen. ** The files 'gdoc' and 'expect.oath' are now included in the tarball. Suggested by Jaroslav Škarvada. Happy hacking, Simon The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization that specify the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported. The components included in the package is: * liboath: A shared and static C library for OATH handling. * oathtool: A command line tool for generating and validating OTPs. * pam_oath: A PAM module for pluggable login authentication for OATH. * libpskc: A shared and static C library for PSKC handling. * pskctool: A command line tool for manipulating PSKC data. The project's web page is available at: http://www.nongnu.org/oath-toolkit/ Documentation for the command line tools oathtool and pskctool: http://www.nongnu.org/oath-toolkit/oathtool.1.html http://www.nongnu.org/oath-toolkit/pskctool.1.html http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-pskctool.html Manual for PAM module: http://git.savannah.gnu.org/cgit/oath-toolkit.git/tree/pam_oath/README Liboath manual: http://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.html Libpskc Tutorial & Manual http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-quickstart.html http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html If you need help to use the OATH Toolkit, or want to help others, you are invited to join our oath-toolkit-help mailing list, see: https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help Here are the compressed sources of the entire package: http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.0.tar.gz (4.0MB) http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.0.tar.gz.sig (OpenPGP) The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub 3744R/54265E8C 2014-06-22 Key fingerprint = 9AA9 BDB1 1BB1 B99A 2128 5A33 0664 A769 5426 5E8C uid Simon Josefsson <[email protected]> The key is available from: http://josefsson.org/54265e8c.txt I have changed key since the last release, see my transition statement: http://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/ Here are the SHA-1 and SHA-224 checksums: 47d94633917a51527c7e545885422a464f703a2b oath-toolkit-2.6.0.tar.gz 488b20015df93761e496cd8ddb259a69cadbfa56efa9b8132e8e3f88 oath-toolkit-2.6.0.tar.gz General information on contributing: http://www.nongnu.org/oath-toolkit/contrib.html Savannah developer's home page: https://savannah.nongnu.org/projects/oath-toolkit/ Code coverage charts: http://www.nongnu.org/oath-toolkit/coverage/ Clang code analysis: http://www.nongnu.org/oath-toolkit/clang-analyzer/
signature.asc
Description: PGP signature
