SpyrosLefkaditis
diff --git a/‎.github/workflows/security-tests.yml‎
Lines changed: 97 additions & 0 deletions b/‎.github/workflows/security-tests.yml‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 153 additions & 0 deletions b/‎.gitignore‎
Lines changed: 153 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 63 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,97 @@
+name: Security Tests
+
+on:
+  push:
+    branches: [ main, development ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  security-tests:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.7, 3.8, 3.9, '3.10', 3.11]
+
+    steps:
+    - uses: actions/checkout@v3
+    
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v3
+      with:
+        python-version: ${{ matrix.python-version }}
+    
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e .[dev]
+    
+    - name: Run security tests
+      run: |
+        python test.py
+    
+    - name: Run entropy analysis
+      run: |
+        python -c "
+        from main import generate_password
+        from security_utils import generate_security_report
+        password = generate_password('ci test phrase', 32, 'maximum')
+        report = generate_security_report(password, save_to_file=False)
+        entropy = report['audit_results']['entropy_analysis']['theoretical_entropy']
+        score = report['audit_results']['security_score']
+        print(f'Entropy: {entropy} bits, Security Score: {score}/100')
+        assert entropy > 190, f'Entropy too low: {entropy}'
+        assert score > 90, f'Security score too low: {score}'
+        print('Security validation passed!')
+        "
+    
+    - name: Test configuration system
+      run: |
+        python config.py
+        python -c "from config import get_config; config = get_config(); print('Configuration system working')"
+    
+    - name: Validate compliance
+      run: |
+        python -c "
+        from main import generate_password
+        from security_utils import SecurePasswordValidator
+        validator = SecurePasswordValidator()
+        password = generate_password('compliance test', 16, 'high')
+        is_valid, violations = validator.validate(password)
+        print(f'Password valid: {is_valid}')
+        if violations:
+            print(f'Violations: {violations}')
+        assert len(violations) == 0, f'Compliance violations: {violations}'
+        print('Compliance validation passed!')
+        "
+
+  code-quality:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v3
+    
+    - name: Set up Python
+      uses: actions/setup-python@v3
+      with:
+        python-version: '3.10'
+    
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8 black mypy
+    
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+    
+    - name: Check formatting with black
+      run: |
+        black --check --diff .
+    
+    - name: Type check with mypy
+      run: |
+        mypy main.py config.py security_utils.py --ignore-missing-imports
@@ -0,0 +1,153 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# FibroHash specific
+password_*.log
+security_report_*.json
+*.bak
+.DS_Store
+Thumbs.db
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Testing
+.coverage
+htmlcov/
+.pytest_cache/
+test_results/
+
+# Documentation
+docs/_build/
+docs/build/
@@ -0,0 +1,63 @@
+# Changelog
+
+All notable changes to FibroHash will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.0.0] - 2025-10-27
+
+### Added
+- Enterprise-grade cryptographic security implementation
+- PBKDF2-HMAC-SHA256 key derivation with configurable iterations
+- Comprehensive security auditing and compliance validation
+- Multi-level security configuration (Standard/High/Maximum)
+- Entropy analysis tools for research applications
+- Timing attack resistance mechanisms
+- Standards compliance validation (NIST, PCI DSS, ISO27001)
+- Professional configuration management system
+- Comprehensive test suite with security validation
+- Research-focused API for reproducible analysis
+- JOSS-compliant documentation and paper
+- GitHub Actions CI/CD pipeline
+- Professional setup.py for package distribution
+
+### Changed
+- Complete rewrite of password generation algorithm
+- Replaced predictable Fibonacci sequences with HMAC-based generation
+- Enhanced input validation and sanitization
+- Improved error handling and logging
+- Updated documentation for research applications
+
+### Removed
+- Insecure predictable mathematical sequences
+- Weak random number generation
+- Simple bitwise operations without cryptographic foundation
+- Timing attack vulnerabilities
+- Deterministic password generation (security improvement)
+
+### Security
+- Eliminated all known security vulnerabilities from previous versions
+- Implemented cryptographically secure salt generation
+- Added protection against rainbow table attacks
+- Enhanced resistance to timing and statistical analysis attacks
+- Achieved 192+ bits theoretical entropy for standard configurations
+
+### Fixed
+- Input injection vulnerabilities
+- Predictable output patterns
+- Insufficient entropy generation
+- Lack of proper cryptographic foundations
+- Missing security compliance validation
+
+## [1.x.x] - Historical
+
+### Deprecated
+- All previous versions are deprecated due to security vulnerabilities
+- Users should migrate to version 2.0.0 immediately for security
+
+---
+
+## Security Notice
+
+Version 2.0.0 represents a complete security rewrite. All previous versions contain security vulnerabilities and should not be used in production environments. The new version is not backward compatible due to fundamental security improvements.