https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934
--- Comment #16 from David Cook <[email protected]> --- (In reply to Marcel de Rooy from comment #15) > For purists, taken from Crypt::CBC > > -pass,-key The encryption/decryption passphrase. These arguments > are interchangeable, but -pass is preferred > ("key" is a misnomer, as it is not the literal > encryption key). > > So our "encryption key" is a misnnomer too :) > It is a passphrase used to generate the real encryption key. That's true although I think colloquially it's all right to call it the encryption key. > We say now: We recommend one of at least 32 bytes. > It should be formally at least 16 bytes (AES blocksize) in order to be safe. > So 32 is fine. Shouid we enforce a minimum length in Koha::Encryption? Probably a good idea. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
