[Koha-bugs] [Bug 33934] 'No encryption_key in koha-conf.xml' needs more detail
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Oct 3 16:34:23 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |m.de.rooy at rijksmuseum.nl
--- Comment #15 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
For purists, taken from Crypt::CBC
-pass,-key The encryption/decryption passphrase. These arguments
are interchangeable, but -pass is preferred
("key" is a misnomer, as it is not the literal
encryption key).
So our "encryption key" is a misnnomer too :)
It is a passphrase used to generate the real encryption key.
We say now: We recommend one of at least 32 bytes.
It should be formally at least 16 bytes (AES blocksize) in order to be safe. So
32 is fine. Shouid we enforce a minimum length in Koha::Encryption?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list