[Koha-bugs] [Bug 33934] 'No encryption_key in koha-conf.xml' needs more detail
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Oct 4 01:23:08 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934
--- Comment #16 from David Cook <dcook at prosentient.com.au> ---
(In reply to Marcel de Rooy from comment #15)
> For purists, taken from Crypt::CBC
>
> -pass,-key The encryption/decryption passphrase. These arguments
> are interchangeable, but -pass is preferred
> ("key" is a misnomer, as it is not the literal
> encryption key).
>
> So our "encryption key" is a misnnomer too :)
> It is a passphrase used to generate the real encryption key.
That's true although I think colloquially it's all right to call it the
encryption key.
> We say now: We recommend one of at least 32 bytes.
> It should be formally at least 16 bytes (AES blocksize) in order to be safe.
> So 32 is fine. Shouid we enforce a minimum length in Koha::Encryption?
Probably a good idea.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list