https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934 --- Comment #16 from David Cook <dcook@prosentient.com.au> --- (In reply to Marcel de Rooy from comment #15)
For purists, taken from Crypt::CBC
-pass,-key The encryption/decryption passphrase. These arguments are interchangeable, but -pass is preferred ("key" is a misnomer, as it is not the literal encryption key).
So our "encryption key" is a misnnomer too :) It is a passphrase used to generate the real encryption key.
That's true although I think colloquially it's all right to call it the encryption key.
We say now: We recommend one of at least 32 bytes. It should be formally at least 16 bytes (AES blocksize) in order to be safe. So 32 is fine. Shouid we enforce a minimum length in Koha::Encryption?
Probably a good idea. -- You are receiving this mail because: You are watching all bug changes.