Taylor Hornby

Once #20 is finished, `passgen` should be packaged (installer and whatnot) for Windows.

We should make a way to build `passgen` deterministically, both 32-bit and 64-bit executables. Perhaps we could use Vagrant for this? Check out the state-of-the-art in reproducible builds before rolling...

Is it time to learn..............autotools.............? _dies_

Side Channel Attacks

5

`passgen` appears vulnerable to cache side channel attacks. For example, when generating a standard character password: ``` // Discard the random byte if it isn't in range. if(c < setLength)...

`coveralls.io` gives 75% test coverage. That can probably be improved. Look at the actual gconv output to see what's missing. Note that gconv screws up when running in the fakechroot...

https://github.com/defuse/php-encryption/pkgs/container/php-encryption%2Fphp-actions_phpunit_php-encryption

Switch back to GitHub Actions before my Travis-CI subscription renews

1

I had to pay for Travis-CI to fix the build tests so let's see if we can switch everything to GitHub Actions.

If users store a plain SHA256 hash of the password elsewhere, then `KeyProtectedByPassword`s can be decrypted using that hash.

3

I made a poor choice when I was separating `KeyProtectedByPassword`'s password-based encryption from the regular password-based encryption this library's public API exposes. I separated them by simply hashing the password...

I noticed this while running it locally: ``` $ vendor/bin/psalm Warning: "findUnusedBaselineEntry" will default to "true" in Psalm 6. You should explicitly enable or disable this setting. Warning: "findUnusedCode" will...

Make tests with Vagrant

1

Travis-CI can't test multiple languages in a single repository. We have to use something like Vagrant. Supersedes #26.