[Koha-bugs] [Bug 28998] Encrypt borrowers.secret
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jan 17 15:35:40 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28998
--- Comment #7 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
This is what we do with the API secret using Crypt::Eksblowfish::Bcrypt :
$self->set(
{ secret => Koha::AuthUtils::hash_password(
$self->{_plain_text_secret} ),
client_id => $self->_generate_unused_uuid('client_id'),
}
Just reading a bit, it seems that AES is preferred over Blowfish. But this is
theoretical and about larger texts to encrypt.
Since we are only crypting a short secret here, I wonder if we should not stick
to Blowfish here and use what we already have instead of yet another module?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list