Changes since v1.0.19
Sphinx:
- Threshold operation, uses liboprf instead of libsphinx
- Userlist can be switched off, increasing security, decreasing UX.
- Converters: start your username with schemas otp://, sphage:// or raw://
to get a TOTP, an age secret key, or the raw 64 bytes output from SPHINX
- new converters: minisign:// and ssh-ed25519://
- switched config syntax from python config, to TOML
- new healthcheck op to quickly check if the servers are operational
- the record ID now also includes the name of the server, making these IDs
unique for each.
- delete empty userblobs automatically
- Output is 512 bit instead of 256 bit in v1.
- "vendored" and merged webextensions into one, added webauthn support with
keys derived from SPHINX.
- OPAQUE-Store integration
- automatically upgrade v1 single-server records into threshold setup records
- QRcode includes all servers and the new option for userlist and the
threshold.
Oracle:
- supports threshold operation, most importantly create and change ops, the
other ops are ignorant whether an op is threshold or single.
- oracle now supports skipping handling of userlists when presented with an
all-zero userlist record id.
- there is now an init command, that creates a long-term signature key if
none is found where the configuration points at.
- OPRF keys are 33B instead of 32.
- a socket activation mode: no forking, only processing one request.
(zphinx-zerver only)
- environment vars (ORACLE_) allow over-riding any config settings
(zphinx-zerver only)